Update procedure

maxvp · maxvp · commit e19b698d3ca0 · 2024-11-27T16:34:59.000-06:00
diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/private-net/cloudflared/index.mdx b/src/content/docs/cloudflare-one/connections/connect-networks/private-net/cloudflared/index.mdx
@@ -63,7 +63,6 @@ You can create Zero Trust policies to manage access to specific applications on
 
 5. For **Value**, enter the IP address for your application (for example, `10.128.0.7`).
    :::note
-
    If you would like to create a policy for an IP/CIDR range instead of a specific IP address, you can build a [Gateway Network policy](/cloudflare-one/policies/gateway/network-policies/) using the **Destination IP** selector.
    :::
 
@@ -74,15 +73,17 @@ You can create Zero Trust policies to manage access to specific applications on
 8. Modify the policies to include additional identity-based conditions. For example:
 
    - **Policy 1**
-     | Selector | Operator | Value | Logic | Action |
+
+     | Selector       | Operator      | Value            | Logic | Action |
      | -------------- | ------------- | ---------------- | ----- | ------ |
-     | Destination IP | in | `10.128.0.7` | And | Allow |
-     | User Email | matches regex | `.*@example.com` | | |
+     | Destination IP | in            | `10.128.0.7`     | And   | Allow  |
+     | User Email     | matches regex | `.*@example.com` |       |        |
 
    - **Policy 2**
-     | Selector | Operator | Value | Action |
+
+     | Selector       | Operator | Value        | Action |
      | -------------- | -------- | ------------ | ------ |
-     | Destination IP | in | `10.128.0.7` | Block |
+     | Destination IP | in       | `10.128.0.7` | Block  |
 
    Policies are evaluated in [numerical order](/cloudflare-one/policies/gateway/order-of-enforcement/#order-of-precedence), so a user with an email ending in @example.com will be able to access `10.128.0.7` while all others will be blocked. For more information on building network policies, refer to our [dedicated documentation](/cloudflare-one/policies/gateway/network-policies/).
 
@@ -111,7 +112,5 @@ Check the local IP address of the device and ensure that it does not fall within
 To resolve the IP conflict, you can either:
 
 - Reconfigure the user's router to use a non-overlapping IP range. Compatible routers typically use `192.168.1.0/24`, `192.168.0.0/24` or `172.16.0.0/24`.
-
 - Tighten the IP range in your Split Tunnel configuration to exclude the `10.0.0.0/24` range. This will only work if your private network does not have any hosts within `10.0.0.0/24`.
-
 - Change the IP/CIDR of your private network so that it does not overlap with a range commonly used by home networks.
diff --git a/src/content/partials/cloudflare-one/tunnel/enable-gateway-proxy.mdx b/src/content/partials/cloudflare-one/tunnel/enable-gateway-proxy.mdx
@@ -2,14 +2,15 @@
 {}
 ---
 
-import { Details } from "~/components";
+import { Tabs, TabItem } from "~/components";
 
 1. Go to **Settings** > **Network**.
-2. Enable **Proxy** for TCP.
-3. (Recommended) To proxy traffic to internal DNS resolvers, select **UDP**.
-4. (Recommended) To proxy traffic for diagnostic tools such as `ping` and `traceroute`, select **ICMP**. You may also need to update your system to allow ICMP traffic through `cloudflared`:
+2. Turn on **Proxy**.
+3. Select **TCP**.
+4. (Recommended) To proxy traffic to internal DNS resolvers, select **UDP**.
+5. (Recommended) To proxy traffic for diagnostic tools such as `ping` and `traceroute`, select **ICMP**. You may also need to update your system to allow ICMP traffic through `cloudflared`:
 
-<Details header="Linux">
+<Tabs> <TabItem label="Linux" icon="linux">
 
 1. Ensure that `ping_group_range` includes the Group ID (GID) of the user running `cloudflared`.
 
@@ -36,14 +37,12 @@ import { Details } from "~/components";
    cloudflared tunnel run --icmpv4-src <IP of primary interface>
    ```
 
-</Details>
-
-<Details header="Docker">
+</TabItem> <TabItem label="Docker" icon="seti:docker">
 
 In your environment, modify the `ping_group_range` parameter to include the Group ID (GID) of the user running `cloudflared`.
 
 By default the [`cloudflared` Docker container](https://github.com/cloudflare/cloudflared/blob/master/Dockerfile#L29C6-L29C13) executes as a user called `nonroot` inside of the container. `nonroot` is a specific user that exists in the [base image](https://github.com/GoogleContainerTools/distroless/blob/859eeea1f9b3b7d59bdcd7e24a977f721e4a406c/base/base.bzl#L8) we use, and its Group ID is hardcoded to 65532.
 
-</Details>
+</TabItem> </Tabs>
 
 Cloudflare will now proxy traffic from enrolled devices, except for the traffic excluded in your [split tunnel settings](/cloudflare-one/connections/connect-networks/private-net/cloudflared/#3-route-private-network-ips-through-warp). For more information on how Gateway forwards traffic, refer to [Gateway proxy](/cloudflare-one/policies/gateway/proxy/).
