home

Supported platforms

Vyatta NOS documentation

Learn how to install, configure, and operate Vyatta Network Operating System (Vyatta NOS), which helps to drive our virtual networking and physical platforms portfolio.

Defining a network-to-network filter

The following example shows how to define a network-to-network packet filter, allowing packets originating from 10.10.40.0/24 and destined for 172.16.0.0/24. It then applies the firewall instance to packets inbound through the 40 virtual interface (vif 40) and the dp0p1p2 interface.

To create a network-to-network filter, perform the following steps in configuration mode.

Table 1. Defining a network-to-network filter
Step Command

Create the configuration node for the FWTEST-4 firewall instance and its rule 1. This rule accepts traffic matching the specified criteria.

vyatta@R1# set security firewall name FWTEST-4 rule 1 action accept

Define a rule that filters traffic coming from the 10.10.40.0/24 network.

vyatta@R1# set security firewall name FWTEST-4 rule 1 source address 10.10.40.0/24

Define a rule that filters traffic destined for the 172.16.0.0/24 network.

vyatta@R1# set security firewall name FWTEST-4 rule 1 destination address 172.16.0.0/24

Apply FWTEST-4 to packets bound for this router arriving through vif 40 on dp0p1p2.

vyatta@R1# set interfaces dataplane dp0p1p2 vif 40 firewall in FWTEST-4

Commit the configuration.

vyatta@R1# commit

Show the configuration.

vyatta@R1# show security firewall name FWTEST-4
name FWTEST-4 {
 rule 1 {
    action accept
    destination {
        address 172.16.0.0/24
    }
    source {
        address 10.10.40.0/24
    }
 }
}
vyatta@R1# show interfaces dataplane dp0p1p2
dataplane dp0p1p2 {
 vif 40 {
    firewall {
        in FWTEST-4

    }
 }
}