Changes needed for 21.7, refactored States and Session diagnostics view and reply-to option.

3 years ago · c2abf87adb
parent f816de248b
commit c2abf87adb
2 changed files with 16 additions and 29 deletions
--- a/source/manual/diagnostics_firewall.rst
+++ b/source/manual/diagnostics_firewall.rst
@ -3,20 +3,7 @@ Diagnostics
 ===========

 -----------------------------------------
-pfInfo
-----------------------------------------
-
-Various detailed statistics gathered from `pfctl <https://www.freebsd.org/cgi/man.cgi?query=pfctl>`__,
-such as packet counters per interface, memory limits, configured timeouts and detailed active rules.
-
-----------------------------------------
-pfTop
-----------------------------------------
-
-`pftop <https://www.freebsd.org/cgi/man.cgi?query=pftop>`__ displays the active packetfilter states and rules, and periodically updates this information.
-
-----------------------------------------
-pfTables
+Aliases
 -----------------------------------------

 Detailed insight into loaded aliases and their content. When an alias has **Statistics** enabled, it will show these
@ -34,25 +21,24 @@ It's also possible to manually adjust the contents, using **Quick add address**
    Use "Find references" to check if an address would match any configured aliases, which is very practical for debugging
    purposes, since it will also check if an address fits a network (such as 10.0.0.2 fits in 10.0.0.0/24).

-
 -----------------------------------------
-States Dump
+Sessions
 -----------------------------------------

-Insight into the state table (pf), offers the ability to search for specific states and removal.
+Utilises `pftop <https://www.freebsd.org/cgi/man.cgi?query=pftop>`__ to offer a detailed view on the active sessions
+and their traffic counters.

 -----------------------------------------
-States Reset
+States
 -----------------------------------------

-Delete all active states and source tracking (cancels connections)
-
-.. Warning::
-
-    Handle with care, a state reset will discard all active connections, in which case clients might have to reconnect
+Insight into the state table (pf), offers the ability to search for specific states and removal.
+It is also possible to reset all states and/or the source tracking tables from here, especially the state table
+reset should be used with care as it drops all active connections.

 -----------------------------------------
-States Summary
+pfInfo
 -----------------------------------------

-Show states sorted by criteria like source IP, destination IP, …
+Various detailed statistics gathered from `pfctl <https://www.freebsd.org/cgi/man.cgi?query=pfctl>`__,
+such as packet counters per interface, memory limits, configured timeouts and detailed active rules.
--- a/source/manual/firewall.rst
+++ b/source/manual/firewall.rst
@ -59,8 +59,7 @@ to pass traffic, it's much harder to spoof traffic.

 .. Note::
    When changing rules, sometimes its necessary to reset states to assure the new policies are used for existing traffic.
-    You can do this in :menuselection:`Firewall --> Diagnostics --> States Reset` or :menuselection:`Firewall --> Diagnostics --> States Dump`
-    to reset specific states.
+    You can do this in :menuselection:`Firewall --> Diagnostics --> States`.


 .. Note::
@ -68,6 +67,8 @@ to pass traffic, it's much harder to spoof traffic.
    this can be configured in :menuselection:`Firewall --> Settings --> Firewall Maximum States`.
    (The help text shows the default number of states on your platform)

+States can also be quite convenient to find the active top users on your firewall at any time, as of 21.7 we added
+an easy to use "session" browser for this purpose. You can find it under :menuselection:`Firewall --> Diagnostics --> Sessions`.

 ....................
 Action
@ -277,9 +278,9 @@ Gateway                               When a gateway is specified, packets will
                                      the specified gateway or gateway group. Usually this option is set on the
                                      receiving interface (LAN for example), which then chooses the gateway
                                      specified here. (This ignores default routing rules)
-disable reply-to                      By default traffic is always send to the connected gateway on the interface.
+reply-to                              By default traffic is always send to the connected gateway on the interface.
                                      If for some reason you don't want to force traffic to that gateway, you
-                                      can disable this behaviour.
+                                      can disable this behaviour or enforce an alternative target here.
 ====================================  ===============================================================================