Vyatta documentation

Defining a network-to-network filter

The following example shows how to define a network-to-network packet filter that allows packets originating from 10.10.40.0/24 and destined for 172.16.0.0/24. It then applies the firewall instance to packets inbound through virtual interface 40 (vif 40) on the dp0p1p2 interface.

To create a network-to-network filter, perform the following steps in configuration mode.

Table 1. Defining a network-to-network filter

Create the configuration node for the FWTEST-4 firewall instance and its rule 1. This rule accepts traffic matching the specified criteria.

vyatta@R1# set security firewall name FWTEST-4 rule 1 action accept

Define a rule that filters traffic coming from the 10.10.40.0/24 network.

vyatta@R1# set security firewall name FWTEST-4 rule 1 source address 10.10.40.0/24

Define a rule that filters traffic destined for the 172.16.0.0/24 network.

vyatta@R1# set security firewall name FWTEST-4 rule 1 destination address 172.16.0.0/24

Apply FWTEST-4 to packets arriving at this router inbound through vif 40 on dp0p1p2.

vyatta@R1# set interfaces dataplane dp0p1p2 vif 40 firewall in FWTEST-4

Commit the configuration.

vyatta@R1# commit

Show the configuration.

vyatta@R1# show security firewall name FWTEST-4
name FWTEST-4 {
    rule 1 {
        action accept
        destination {
            address 172.16.0.0/24
        }
        source {
            address 10.10.40.0/24
        }
    }
}
vyatta@R1# show interfaces dataplane dp0p1p2
dataplane dp0p1p2 {
    vif 40 {
        firewall {
            in FWTEST-4
        }
    }
}
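As an added example (not part of the Vyatta documentation), the following Python parses the brace-delimited show output above into a dictionary and evaluates which packets rule 1 would accept. Treating unmatched traffic as dropped is an assumption of this model, not something the page states.

```python
import ipaddress
# Output of the "show security firewall name FWTEST-4" step above,
# embedded here as a constructed sample string.
SHOW_OUTPUT = """\
name FWTEST-4 {
    rule 1 {
        action accept
        destination {
            address 172.16.0.0/24
        }
        source {
            address 10.10.40.0/24
        }
    }
}
"""
def parse_config(text):
    # "key value {" opens a node keyed by (key, value), "key {" by key;
    # any other non-empty line is a "key value" leaf.
    root, stack = {}, []
    current = root
    for line in (l.strip() for l in text.splitlines()):
        if line == "}":
            current = stack.pop()
        elif line.endswith("{"):
            parts = line[:-1].split()
            child = {}
            current[tuple(parts) if len(parts) > 1 else parts[0]] = child
            stack.append(current)
            current = child
        elif line:
            key, _, value = line.partition(" ")
            current[key] = value
    return root

def rule_matches(rule, src, dst):
    # A rule with no source/destination prefix matches any address.
    for side, ip in (("source", src), ("destination", dst)):
        prefix = rule.get(side, {}).get("address")
        if prefix and ipaddress.ip_address(ip) not in ipaddress.ip_network(prefix):
            return False
    return True

def verdict(config, name, src, dst):
    # Lowest-numbered matching rule decides; unmatched traffic is treated
    # as dropped (assumed implicit default, not stated on the page).
    fw = config[("name", name)]
    rules = (k for k in fw if isinstance(k, tuple) and k[0] == "rule")
    for key in sorted(rules, key=lambda k: int(k[1])):
        if rule_matches(fw[key], src, dst):
            return fw[key]["action"]
    return "drop"
```

Swapping the source and destination addresses shows that rule 1 alone describes one direction only; traffic from 172.16.0.0/24 toward 10.10.40.0/24 does not match it.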