Vyatta Network OS Documentation


Default rule set

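The vRouter is preconfigured with a default rule set for role-based access control (RBAC). The following example shows that default rule set as displayed by the show system acm command. In this listing, the narrow deny for /show/configuration (rule 9988) is numbered ahead of the broader "/show/*" allow (rule 9990), the operator group is limited to the listed command families with a catch-all deny in rule 9999, and the vyattacfg group is allowed every operation on every path. Note that rule 9998 is shown with the group vyatta-op, whereas every other operational rule uses vyattaop; compare this listing with the output on your own system before relying on it.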
super@vyatta# show system acm
 create-default deny
 delete-default deny
 enable
 exec-default allow
 operational-ruleset {
     rule 9988 {
         action deny
         command /show/configuration
         group vyattaop
     }
     rule 9989 {
         action allow
         command "/clear/*"
         group vyattaop
     }
     rule 9990 {
         action allow
         command "/show/*"
         group vyattaop
     }
     rule 9991 {
         action allow
         command "/monitor/*"
         group vyattaop
     }
     rule 9992 {
         action allow
         command "/ping/*"
         group vyattaop
     }
     rule 9993 {
         action allow
         command "/reset/*"
         group vyattaop
     }
     rule 9994 {
         action allow
         command "/release/*"
         group vyattaop
     }
     rule 9995 {
         action allow
         command "/renew/*"
         group vyattaop
     }
     rule 9996 {
         action allow
         command "/telnet/*"
         group vyattaop
     }
     rule 9997 {
         action allow
         command "/traceroute/*"
         group vyattaop
     }
     rule 9998 {
         action allow
         command "/update/*"
         group vyatta-op
     }
     rule 9999 {
         action deny
         command "*"
         group vyattaop
     }
 }
 read-default allow
 ruleset {
     rule 9999 {
         action allow
         group vyattacfg
         operation "*"
         path "*"
     }
 }
 update-default deny
}