From f2d55d39f8929a470ada7a66f3b7f6b517ab2d11 Mon Sep 17 00:00:00 2001 From: Monviech <79600909+Monviech@users.noreply.github.com> Date: Wed, 23 Aug 2023 12:02:15 +0200 Subject: [PATCH] Update ips-bypass.rst - removed images --- source/manual/how-tos/ips-bypass.rst | 34 ++++++++++++++-------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/source/manual/how-tos/ips-bypass.rst b/source/manual/how-tos/ips-bypass.rst index 3feaa29b..2445c5bf 100644 --- a/source/manual/how-tos/ips-bypass.rst +++ b/source/manual/how-tos/ips-bypass.rst @@ -4,8 +4,8 @@ IPS - Bypass local traffic from inspection This tutorial explains how to bypass traffic between local attached networks. Following this tutorial will result in traffic only being inspected between external (WAN) networks and internal (LAN) networks. -* Benefit: There will be faster routing performance between local attached networks when Intrusion Detection is enabled in IPS mode. -* Potential Risk: **Internal traffic** between local attached networks **WON'T be inspected anymore**, so use this with care! +* **Benefit**: There will be faster routing performance between local networks when Intrusion Detection is enabled in IPS mode. +* **Potential Risk: Internal traffic WON'T be inspected anymore, so use this with care!** ------------- Prerequisites 
@@ -23,25 +23,34 @@ User defined Select the tab **User defined**. -|ids_tabs_user| - ----------------- Create new Rules ----------------- -Select |add| to add a new rule. +Select **+** to add a new rule. * Input the **Source IP** as IP with CIDR-Suffix or Prefix, e.g. ``10.0.0.0/8`` or ``2003:a:a:a::/56`` * Input the **Destination IP** as IP with CIDR-Suffix or Prefix, e.g. ``10.0.0.0/8`` or ``2003:a:a:a::/56`` * Select the **Action** as *Pass* * Enable the **Bypass** checkbox +* Set the **Description** as "Bypass net 10.0.0.0 to 10.0.0.0" -|ips_bypass_1| +Select **+** to create additional new rules -* Repeat the above step to create rules between each of the RFC1918 Private IPv4 subnets. (``192.168.0.0/16``, ``172.16.0.0/12``, ``10.0.0.0/8``). This will result in 9 rules. +* Repeat the above steps to create rules between each of the RFC1918 Private IPv4 subnets. (``192.168.0.0/16``, ``172.16.0.0/12``, ``10.0.0.0/8``). This will result in 9 rules. * If you use IPv6, create additional rules between your IPv6 Prefixes. You can find them in :menuselection:`Interfaces --> Overview` at IPv6 prefix of the selected WAN interface. (e.g ``2003:a:a:a::/56``) -|ips_bypass_2| +The finished IPv4 ruleset should include the following rules: + +* ``Bypass net 10.0.0.0 to 10.0.0.0`` +* ``Bypass net 10.0.0.0 to 172.16.0.0`` +* ``Bypass net 10.0.0.0 to 192.168.0.0`` +* ``Bypass net 172.16.0.0 to 10.0.0.0`` +* ``Bypass net 172.16.0.0 to 172.16.0.0`` +* ``Bypass net 172.16.0.0 to 192.168.0.0`` +* ``Bypass net 192.168.0.0 to 10.0.0.0`` +* ``Bypass net 192.168.0.0 to 172.16.0.0`` +* ``Bypass net 192.168.0.0 to 192.168.0.0`` ------------------- Apply configuration 
@@ -49,12 +58,3 @@ Apply configuration First apply the configuration by pressing the **Apply** button at the bottom of the form. - -.. - -.. |ids_menu| image:: images/ids_menu.png -.. |ids_tabs_user| image:: images/ids_tabs_user.png -.. |add| image:: images/ids_tabs_user_add.png -.. |ips_bypass_1| image:: images/ips_bypass_rule_1.png -.. |ips_bypass_2| image:: images/ips_bypass_rule_2.png -.. |apply| image:: images/applybtn.png
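Review bot: In the first hunk (@@ -4,8 +4,8 @@) the rewritten Potential Risk bullet drops the scope "between local attached networks". It now reads as if no internal traffic is inspected at all, while the unchanged intro says traffic between external (WAN) and internal (LAN) networks is still inspected. Suggest keeping the qualifier: "Internal traffic between local attached networks WON'T be inspected anymore, so use this with care!". The Benefit bullet also switches to "local networks" while the intro keeps "local attached networks"; pick one term and use it in all three places.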
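Review bot: In the second hunk (@@ -23,25 +23,34 @@) the new Description value "Bypass net 10.0.0.0 to 10.0.0.0" and the nine entries of the finished ruleset omit the prefix length. Someone auditing the rule list therefore cannot tell from the description that 172.16.0.0 means ``172.16.0.0/12``, or notice a rule that was entered with a wider prefix than intended. Because these are Pass rules with Bypass enabled, the description should carry the exact scope, for example "Bypass 10.0.0.0/8 to 172.16.0.0/12", in both the step and the list. Minor: the added line "Select **+** to create additional new rules" has no closing punctuation.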
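Review bot: In the third hunk (@@ -49,12 +58,3 @@) the definitions for ``|ids_menu|`` and ``|apply|`` are removed along with the others, but the patch only shows uses of ``|ids_tabs_user|``, ``|add|``, ``|ips_bypass_1|`` and ``|ips_bypass_2|`` being replaced. Please confirm that neither ``|ids_menu|`` nor ``|apply|`` is still referenced in the parts of ips-bypass.rst outside these hunks, since a leftover reference would become an undefined substitution at build time. The diffstat also shows 1 file changed, so the PNG files under images/ stay in the tree; if no other page uses them, delete them in the same commit.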