From bbef88546d9d613d3f60a0af61ab18a0ccf3f362 Mon Sep 17 00:00:00 2001 From: r-caamano Date: Wed, 25 Sep 2024 02:59:41 +0000 Subject: [PATCH] Edit to README --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index c94423a..f7835c1 100644 --- a/README.md +++ b/README.md @@ -165,7 +165,7 @@ sudo vi /opt/openziti/etc/ebpf_config.json - Adding interfaces Replace ens33 in line with:{"InternalInterfaces":[{"Name":"ens33"}], "ExternalInterfaces":[]} Replace with interface that you want to enable for ingress firewalling / openziti interception and - optionally ExternalInterfaces if you want per interface rules -N with -I. + optionally ExternalInterfaces if you want per interface rules -N with -I. ``` i.e. ens33 {"InternalInterfaces":[{"Name":"ens33"}], "ExternalInterfaces":[]} @@ -529,7 +529,7 @@ sudo zfw -M |all ### Enable both TC ingress and Egress filters on an interface -```sudo zfw -H, --init-tc ``` +```sudo zfw -H, --init-tc ``` ### Native EBPF based IPv4 and IPv6 Masquerade support @@ -709,7 +709,7 @@ Rule Count: 1 - *Supports inbound ssh (Can be disabled via ```sudo zfw -x ```) (Care should be taken as this affects IPv4 as well) - Supports outbound stateful host connections (Inbound only if outbound initiated) - Supports outbound passthrough tracking. Sessions initiated from non-ebpf enabled and ebpf enabled internal interfaces out - through interface(s) defined as ExternalInterface (requires -N with -I unless "PerInterfaceRules": false) or InternalInterface in /opt/openziti/etc/ebpf_config.json + through interface(s) defined as ExternalInterface (requires -N with -I unless "PerInterfaceRules": false) or InternalInterface in /opt/openziti/etc/ebpf_config.json or manually applied with sudo ```zfw -X -O /opt/openziti/zfw_outbound_track.o -z egress``` will allow stateful udp and tcp session traffic back in. - Support for inbound IPv6 filter destination rules. Currently only destination filtering is allowed.