Vyatta Network OS Documentation

Defining a network-to-network filter

The following example shows how to define a network-to-network packet filter that allows packets originating from 10.10.40.0/24 and destined for 172.16.0.0/24. It then applies the firewall instance to packets inbound through virtual interface 40 (vif 40) on the dp0p1p2 dataplane interface.

To create a network-to-network filter, perform the following steps in configuration mode.

Table 1. Defining a network-to-network filter (columns: Step, Command)

Create the configuration node for the FWTEST-4 firewall instance and its rule 1. This rule accepts traffic matching the specified criteria.

vyatta@R1# set security firewall name FWTEST-4 rule 1 action accept

Add a source-address match to rule 1 so that it matches traffic coming from the 10.10.40.0/24 network.

vyatta@R1# set security firewall name FWTEST-4 rule 1 source address 10.10.40.0/24

Add a destination-address match to rule 1 so that it matches traffic destined for the 172.16.0.0/24 network.

vyatta@R1# set security firewall name FWTEST-4 rule 1 destination address 172.16.0.0/24

Apply FWTEST-4 in the in direction, that is, to packets arriving through vif 40 on dp0p1p2.

vyatta@R1# set interfaces dataplane dp0p1p2 vif 40 firewall in FWTEST-4

Commit the configuration.

vyatta@R1# commit

Show the configuration.

vyatta@R1# show security firewall name FWTEST-4
name FWTEST-4 {
    rule 1 {
        action accept
        destination {
            address 172.16.0.0/24
        }
        source {
            address 10.10.40.0/24
        }
    }
}
vyatta@R1# show interfaces dataplane dp0p1p2
dataplane dp0p1p2 {
    vif 40 {
        firewall {
            in FWTEST-4
        }
    }
}
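As an added illustration that is not part of the Vyatta documentation, the following Python parses the brace-style show output above into rule 1's match fields and evaluates whether a given source/destination pair is accepted by the rule or falls through to the ruleset's default action. It assumes that a ruleset without an explicit default-action drops unmatched traffic, which is why a host outside 10.10.40.0/24, or a destination outside 172.16.0.0/24, does not pass FWTEST-4.

```python
import ipaddress

# Constructed sample: the 'show security firewall name FWTEST-4' output from this page.
SHOW_OUTPUT = """name FWTEST-4 {
    rule 1 {
        action accept
        destination {
            address 172.16.0.0/24
        }
        source {
            address 10.10.40.0/24
        }
    }
}"""

def parse_ruleset(text):
    """Parse brace-style 'show security firewall name' output into rules plus default-action."""
    ruleset, stack, current = {"rules": {}, "default_action": None}, [], None
    for line in (ln.strip() for ln in text.splitlines() if ln.strip()):
        if line.endswith("{"):                      # open a block: name / rule N / source / destination
            words = line[:-1].split()
            if words[0] == "rule":
                current = int(words[1])
                ruleset["rules"][current] = {"action": None, "source": None, "destination": None}
            stack.append(words[0])
        elif line == "}":                           # close a block
            if stack.pop() == "rule":
                current = None
        else:                                       # leaf line: "field value"
            field, value = line.split(None, 1)
            if field == "default-action":
                ruleset["default_action"] = value
            elif field == "action" and current is not None:
                ruleset["rules"][current]["action"] = value
            elif field == "address" and stack[-1] in ("source", "destination"):
                ruleset["rules"][current][stack[-1]] = ipaddress.ip_network(value, strict=False)
    return ruleset

def evaluate(ruleset, src, dst):
    """First rule (numeric order) whose configured match fields all hit decides; otherwise the
    ruleset default applies. Assumption: no explicit default-action shown means drop."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for num in sorted(ruleset["rules"]):
        rule = ruleset["rules"][num]
        if rule["source"] is not None and src not in rule["source"]:
            continue
        if rule["destination"] is not None and dst not in rule["destination"]:
            continue
        return num, rule["action"]
    return None, ruleset["default_action"] or "drop"
```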