T6760: add docs for new commands available in firewall: packet modifi…

…cations commands.

docs/configuration/firewall/bridge.rst

@@ -386,6 +386,44 @@ described in this section:
    Match based on VLAN priority (Priority Code Point - PCP). Range is also
    supported.
 
+Packet Modifications
+====================
+
+Starting from **VyOS-1.5-rolling-202410060007**, the firewall can modify
+packets before they are sent out. This feaure provides more flexibility in
+packet handling.
+
+.. cfgcmd:: set firewall bridge [prerouting | forward | output] filter
+   rule <1-999999> set dscp <0-63>
+
+   Set a specific value of Differentiated Services Codepoint (DSCP).
+
+.. cfgcmd:: set firewall bridge [prerouting | forward | output] filter
+   rule <1-999999> set mark <1-2147483647>
+
+   Set a specific packet mark value.
+
+.. cfgcmd:: set firewall bridge [prerouting | forward | output] filter
+   rule <1-999999> set tcp-mss <500-1460>
+
+   Set the TCP-MSS (TCP maximum segment size) for the connection.
+
+.. cfgcmd:: set firewall bridge [prerouting | forward | output] filter
+   rule <1-999999> set ttl <0-255>
+
+   Set the TTL (Time to Live) value.
+
+.. cfgcmd:: set firewall bridge [prerouting | forward | output] filter
+   rule <1-999999> set hop-limit <0-255>
+
+   Set hop limit value.
+
+.. cfgcmd:: set firewall bridge [forward | output] filter
+   rule <1-999999> set connection-mark <0-2147483647>
+
+   Set connection mark value.
+
+
 Use IP firewall
 ===============
 

docs/configuration/firewall/ipv4.rst

@@ -980,6 +980,56 @@ geoip) to keep database and rules updated.
    Match when 'count' amount of connections are seen within 'time'. These
    matching criteria can be used to block brute-force attempts.
 
+Packet Modifications
+====================
+
+Starting from **VyOS-1.5-rolling-202410060007**, the firewall can modify
+packets before they are sent out. This feaure provides more flexibility in
+packet handling.
+
+.. cfgcmd:: set firewall ipv4 prerouting raw rule <1-999999>
+   set dscp <0-63>
+.. cfgcmd:: set firewall ipv4 forward filter rule <1-999999>
+   set dscp <0-63>
+.. cfgcmd:: set firewall ipv4 output [filter | raw] rule <1-999999>
+   set dscp <0-63>
+
+   Set a specific value of Differentiated Services Codepoint (DSCP).
+
+.. cfgcmd:: set firewall ipv4 prerouting raw rule <1-999999>
+   set mark <1-2147483647>
+.. cfgcmd:: set firewall ipv4 forward filter rule <1-999999>
+   set mark <1-2147483647>
+.. cfgcmd:: set firewall ipv4 output [filter | raw] rule <1-999999>
+   set mark <1-2147483647>
+
+   Set a specific packet mark value.
+
+.. cfgcmd:: set firewall ipv4 prerouting raw rule <1-999999>
+   set tcp-mss <500-1460>
+.. cfgcmd:: set firewall ipv4 forward filter rule <1-999999>
+   set tcp-mss <500-1460>
+.. cfgcmd:: set firewall ipv4 output [filter | raw] rule <1-999999>
+   set tcp-mss <500-1460>
+
+   Set the TCP-MSS (TCP maximum segment size) for the connection.
+
+.. cfgcmd:: set firewall ipv4 prerouting raw rule <1-999999>
+   set ttl <0-255>
+.. cfgcmd:: set firewall ipv4 forward filter rule <1-999999>
+   set ttl <0-255>
+.. cfgcmd:: set firewall ipv4 output [filter | raw] rule <1-999999>
+   set ttl <0-255>
+
+   Set the TTL (Time to Live) value.
+
+.. cfgcmd:: set firewall ipv4 forward filter rule <1-999999>
+   set connection-mark <0-2147483647>
+.. cfgcmd:: set firewall ipv4 output [filter | raw] rule <1-999999>
+   set connection-mark <0-2147483647>
+
+   Set connection mark value.
+
 ********
 Synproxy
 ********

docs/configuration/firewall/ipv6.rst

@@ -970,6 +970,56 @@ geoip) to keep database and rules updated.
    Match when 'count' amount of connections are seen within 'time'. These
    matching criteria can be used to block brute-force attempts.
 
+Packet Modifications
+====================
+
+Starting from **VyOS-1.5-rolling-202410060007**, the firewall can modify
+packets before they are sent out. This feaure provides more flexibility in
+packet handling.
+
+.. cfgcmd:: set firewall ipv6 prerouting raw rule <1-999999>
+   set dscp <0-63>
+.. cfgcmd:: set firewall ipv6 forward filter rule <1-999999>
+   set dscp <0-63>
+.. cfgcmd:: set firewall ipv6 output [filter | raw] rule <1-999999>
+   set dscp <0-63>
+
+   Set a specific value of Differentiated Services Codepoint (DSCP).
+
+.. cfgcmd:: set firewall ipv6 prerouting raw rule <1-999999>
+   set mark <1-2147483647>
+.. cfgcmd:: set firewall ipv6 forward filter rule <1-999999>
+   set mark <1-2147483647>
+.. cfgcmd:: set firewall ipv6 output [filter | raw] rule <1-999999>
+   set mark <1-2147483647>
+
+   Set a specific packet mark value.
+
+.. cfgcmd:: set firewall ipv6 prerouting raw rule <1-999999>
+   set tcp-mss <500-1460>
+.. cfgcmd:: set firewall ipv6 forward filter rule <1-999999>
+   set tcp-mss <500-1460>
+.. cfgcmd:: set firewall ipv6 output [filter | raw] rule <1-999999>
+   set tcp-mss <500-1460>
+
+   Set the TCP-MSS (TCP maximum segment size) for the connection.
+
+.. cfgcmd:: set firewall ipv6 prerouting raw rule <1-999999>
+   set hop-limit <0-255>
+.. cfgcmd:: set firewall ipv6 forward filter rule <1-999999>
+   set hop-limit <0-255>
+.. cfgcmd:: set firewall ipv6 output [filter | raw] rule <1-999999>
+   set hop-limit <0-255>
+
+   Set hop limit value.
+
+.. cfgcmd:: set firewall ipv6 forward filter rule <1-999999>
+   set connection-mark <0-2147483647>
+.. cfgcmd:: set firewall ipv4 output [filter | raw] rule <1-999999>
+   set connection-mark <0-2147483647>
+
+   Set connection mark value.
+
 ********
 Synproxy
 ********