home

Supported platforms

Vyatta NOS documentation

Learn how to install, configure, and operate Vyatta Network Operating System (Vyatta NOS), which helps to drive our virtual networking and physical platforms portfolio.

Filtering on source and destination IP addresses

The following example shows how to define another firewall instance. This instance contains one rule, which filters packets on both source and destination IP addresses. The rule accepts packets leaving R5 through dp0p1p2 using 10.10.30.46 and destined for 10.10.40.101. It then applies the firewall instance to packets outbound from the 1 virtual interface (vif 1) on the dp0p1p2 interface.

To create an instance that filters on source and destination IP addresses, perform the following steps in configuration mode.

Table 1. Filtering on source and destination IP
Step Command

Create the configuration node for the FWTEST-2 firewall instance and its rule 1. This rule accepts traffic matching the specified criteria.

vyatta@R1# set security firewall name FWTEST-2 rule 1 action accept

Define a rule that filters traffic on the 10.10.30.46 source IP address.

vyatta@R1# set security firewall name FWTEST-2 rule 1 source address 10.10.30.46

Define a rule that filters traffic on the 10.10.40.101 destination IP address.

vyatta@R1# set security firewall name FWTEST-2 rule 1 destination address 10.10.40.101

Apply FWTEST-2 to outbound packets on dp0p1p2 vif 40.

vyatta@R1# set interfaces dataplane dp0p1p2 vif 40 firewall out FWTEST-2

Commit the configuration.

vyatta@R1# commit

Show the configuration.

vyatta@R1# show security firewall name FWTEST-2
name FWTEST-2 {
       rule 1 {
               action accept
               destination {
                       address 10.10.40.101
               }
               source {
                       address 10.10.30.46
               }
       }
}
vyatta@R1# show interfaces dataplane dp0p1p2
dataplane dp0p1p2 {
       vif 40 {
               firewall {
                       out FWTEST-2
               }
       }
}