diff options
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/fw-addr-lists.md | 10 | ||||
| -rw-r--r-- | doc/ipv6-update.md | 12 | ||||
| -rw-r--r-- | doc/mod/notification-matrix.md | 10 | ||||
| -rw-r--r-- | doc/mod/notification-ntfy.md | 5 | ||||
| -rw-r--r-- | doc/netwatch-dns.md | 5 | ||||
| -rw-r--r-- | doc/netwatch-notify.md | 17 |
6 files changed, 44 insertions, 15 deletions
diff --git a/doc/fw-addr-lists.md b/doc/fw-addr-lists.md index 2008c7e..3d9e771 100644 --- a/doc/fw-addr-lists.md +++ b/doc/fw-addr-lists.md @@ -62,9 +62,8 @@ The configuration goes to `global-config-overlay`, these are the parameters: > your local `global-config-overlay` and modify it to your specific needs. Naming a certificate for a list makes the script verify the server -certificate, so you should add that if possible. Some certificates are -available in my repository and downloaded automatically. Import it manually -(menu `/certificate/`) if missing. +certificate, so you should add that if possible. You may want to find the +[certificate name from browser](../CERTIFICATES.md). Create firewall rules to process the packets that are related to addresses from address-lists. @@ -127,6 +126,11 @@ Drop packets in firewall's raw section: > ⚠️ **Warning**: Just again... The order of firewall rules is important. Make > sure they actually take effect as expected! +See also +-------- + +* [Certificate name from browser](../CERTIFICATES.md) + --- [⬅️ Go back to main README](../README.md) [⬆️ Go back to top](#top) diff --git a/doc/ipv6-update.md b/doc/ipv6-update.md index 88600c5..42f0fe4 100644 --- a/doc/ipv6-update.md +++ b/doc/ipv6-update.md @@ -45,13 +45,17 @@ Installing [ppp-on-up](ppp-on-up.md) may solve this. Configuration ------------- -An address list entry is updated with current prefix and can be used in -firewall rules, comment has to be "`ipv6-pool-`" and actual pool name: +As an address-list entry is mandatory a dynamic one is created automatically. +It is updated with current prefix and can be used in firewall rules. + +Alternatively a static address-list entry can be used, where comment has to +be "`ipv6-pool-`" and actual pool name. Use what ever list is desired, and +create it with: /ipv6/firewall/address-list/add address=2003:cf:2f0f:de00::/56 comment=ipv6-pool-isp list=extern; -As this entry is mandatory it is created automatically if it does not exist, -with the comment also set for list. +If the dynamic entry exists already you need to remove it before creating +the static one.. Address list entries for specific interfaces can be updated as well. The interface needs to get its address from pool `isp` and the address list entry diff --git a/doc/mod/notification-matrix.md b/doc/mod/notification-matrix.md index c96a719..fbc9b91 100644 --- a/doc/mod/notification-matrix.md +++ b/doc/mod/notification-matrix.md @@ -46,6 +46,15 @@ The Matrix server is connected via encrypted https, and certificate verification is applied. So make sure you have the certificate chain for your server in device's certificate store. +The example below is for `matrix.org`, which uses a trust chain from *Google +Trust Services*. Run this to import the required certificate: + + $CertificateAvailable "GTS Root R4"; + +Replace the CA certificate name with what ever is needed for your server. +You may want to find the +[certificate name from browser](../../CERTIFICATES.md). + ### From other device If you have setup your Matrix *notification account* before just reuse that. @@ -120,6 +129,7 @@ function available: See also -------- +* [Certificate name from browser](../../CERTIFICATES.md) * [Send notifications via e-mail](notification-email.md) * [Send notifications via Ntfy](notification-ntfy.md) * [Send notifications via Telegram](notification-telegram.md) diff --git a/doc/mod/notification-ntfy.md b/doc/mod/notification-ntfy.md index 2a43e3c..5393d44 100644 --- a/doc/mod/notification-ntfy.md +++ b/doc/mod/notification-ntfy.md @@ -52,6 +52,10 @@ basic authentication. Configure `NtfyServerUser` and `NtfyServerPass` for this. Even authentication via access token is possible, adding it as password with a blank username. +For a custom service installing an additional certificate may be required. +You may want to install that certificate manually, after finding the +[certificate name from browser](../../CERTIFICATES.md). + Usage and invocation -------------------- @@ -82,6 +86,7 @@ function available: See also -------- +* [Certificate name from browser](../../CERTIFICATES.md) * [Send notifications via e-mail](notification-email.md) * [Send notifications via Matrix](notification-matrix.md) * [Send notifications via Telegram](notification-telegram.md) diff --git a/doc/netwatch-dns.md b/doc/netwatch-dns.md index 54dd6c6..cdfbd97 100644 --- a/doc/netwatch-dns.md +++ b/doc/netwatch-dns.md @@ -59,8 +59,8 @@ resolves to the same address. Be aware that you have to keep the ip address in sync with real world manually! -Importing a certificate automatically is possible, at least if available in -the repository (see `certs` sub directory). +Importing a certificate automatically is possible. You may want to find the +[certificate name from browser](../CERTIFICATES.md). /tool/netwatch/add comment="doh, doh-cert=DigiCert Global Root G2" host=1.1.1.1; /tool/netwatch/add comment="doh, doh-cert=DigiCert Global Root G3" host=9.9.9.9; @@ -87,6 +87,7 @@ Also this allows to update host address, see option `resolve`. See also -------- +* [Certificate name from browser](../CERTIFICATES.md) * [Notify on host up and down](netwatch-notify.md) --- diff --git a/doc/netwatch-notify.md b/doc/netwatch-notify.md index 948cbec..81adfe9 100644 --- a/doc/netwatch-notify.md +++ b/doc/netwatch-notify.md @@ -66,9 +66,9 @@ notification is sent. Getting the escaping right may be troublesome. Please consider adding a script in `/system/script`, then running that from hook. -### Count threshould +### Count threshold -The count threshould (default is 5 checks) is configurable as well: +The count threshold (default is 5 checks) is configurable as well: /tool/netwatch/add comment="notify, name=example.com, count=10" host=104.18.144.11; @@ -81,19 +81,24 @@ suppress notification if the parent host is down: /tool/netwatch/add comment="notify, name=example.com, parent=gateway" host=93.184.216.34; Note that every configured parent in a chain increases the check count -threshould by one. +threshold by one. ### Update from DNS The host address can be updated dynamically. Give extra parameter `resolve` with a resolvable name: - /tool/netwatch/add comment="notify, name=example.com, resolve=example.com"; + /tool/netwatch/add comment="notify, name=example.com, resolve=example.com" host=0.0; -This supports multiple A or AAAA records for a name just fine, even a CNAME +This supports multiple A records for a name just fine, even a CNAME to those. An update happens only if no more record with the configured host address is found. +The address family is preserved, so if you want AAAA records (for IPv6) +use this: + + /tool/netwatch/add comment="notify, name=example.com, resolve=example.com" host=::; + ### No notification on host down Also suppressing the notification on host down is possible with parameter @@ -125,7 +130,7 @@ included verbatim into the notification. It is possible to add a link in notification, that is added below the formatted notification text. - /tool/netwatch/add comment="notify, name=example.com, resolve=example.com, link=https://example.com/"; + /tool/netwatch/add comment="notify, name=example.com, resolve=example.com, link=https://example.com/" host=0.0; Tips & Tricks ------------- |