Filtering on source and destination IP addresses

The following example shows how to define another firewall instance. This instance contains one rule, which filters packets on both source and destination IP addresses. The rule accepts packets leaving R5 through dp0p1p2 using 10.10.30.46 and destined for 10.10.40.101. It then applies the firewall instance to packets outbound from the 1 virtual interface (vif 1) on the dp0p1p2 interface.

To create an instance that filters on source and destination IP addresses, perform the following steps in configuration mode.

Table 1. Filtering on source and destination IP
Step	Command
Create the configuration node for the FWTEST-2 firewall instance and its rule 1. This rule accepts traffic matching the specified criteria.	`vyatta@R1# set security firewall name FWTEST-2 rule 1 action accept`
Define a rule that filters traffic on the 10.10.30.46 source IP address.	`vyatta@R1# set security firewall name FWTEST-2 rule 1 source address 10.10.30.46`
Define a rule that filters traffic on the 10.10.40.101 destination IP address.	`vyatta@R1# set security firewall name FWTEST-2 rule 1 destination address 10.10.40.101`
Apply FWTEST-2 to outbound packets on dp0p1p2 vif 40.	`vyatta@R1# set interfaces dataplane dp0p1p2 vif 40 firewall out FWTEST-2`
Commit the configuration.	`vyatta@R1# commit`
Show the configuration.	`vyatta@R1# show security firewall name FWTEST-2 name FWTEST-2 { rule 1 { action accept destination { address 10.10.40.101 } source { address 10.10.30.46 } } } vyatta@R1# show interfaces dataplane dp0p1p2 dataplane dp0p1p2 { vif 40 { firewall { out FWTEST-2 } } }`

Vyatta documentation

Learn how to install, configure, and operate the Vyatta Network Operating System (Vyatta NOS) and Orchestrator, which help drive our virtual networking and physical platforms portfolio.

Filtering on source and destination IP addresses

Helpful Links

Key Resources