Vyatta Network OS Documentation


Filtering on source IP address

The following example shows how to define a firewall instance that contains one rule, which filters packets only on source IP address. The rule matches packets coming from the R2 router; in the steps below its action is set to accept. The example then applies the firewall instance to packets inbound on the dp0p1p1 interface.

To create an instance that filters on source IP address, perform the following steps in configuration mode.

Table 1. Filtering on source IP
Step Command

Define the action of this rule.

vyatta@R1# set security firewall name FWTEST-1 rule 1 action accept

Define a rule that filters traffic on the 172.16.0.26 source IP address.

vyatta@R1# set security firewall name FWTEST-1 rule 1 source address 172.16.0.26

Apply FWTEST-1 to inbound packets on dp0p1p1.

vyatta@R1# set interfaces dataplane dp0p1p1 firewall in FWTEST-1

Commit the configuration.

vyatta@R1# commit

Show the configuration.

vyatta@R1# show security firewall name FWTEST-1
name FWTEST-1 {
       rule 1 {
               action accept
               source {
                       address 172.16.0.26
               }
       }
}
vyatta@R1# show interfaces dataplane dp0p1p1
dataplane dp0p1p1 {
       address 172.16.1.1/24
       firewall {
               in FWTEST-1
       }
}
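
To check the committed result offline, the following added example (not part of the Vyatta documentation) parses the two show outputs from the last step, confirms which firewall instance is bound inbound on dp0p1p1, and reports which source addresses rule 1 matches. The helper names parse, inbound_ruleset and rule_action are hypothetical, and the model covers source-address matching only.

```python
import ipaddress

# Constructed input: the two "show" outputs from the steps above, concatenated.
SAMPLE = """
name FWTEST-1 {
    rule 1 {
        action accept
        source {
            address 172.16.0.26
        }
    }
}
dataplane dp0p1p1 {
    address 172.16.1.1/24
    firewall {
        in FWTEST-1
    }
}
"""

def parse(text):
    """Parse the braced 'show' output into nested dicts (illustrative helper)."""
    stack = [{}]
    for line in (l.strip() for l in text.splitlines()):
        if line.endswith("{"):            # open a block, e.g. "rule 1 {"
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":                 # close the current block
            stack.pop()
        elif line:                        # leaf, e.g. "action accept"
            key, _, value = line.partition(" ")
            stack[-1][key] = value
    return stack[0]

def inbound_ruleset(cfg, ifname):
    """Name of the firewall instance applied to inbound packets on ifname."""
    return cfg.get(f"dataplane {ifname}", {}).get("firewall", {}).get("in")

def rule_action(cfg, ruleset, src):
    """Action of the lowest-numbered rule whose source address matches src.
    Models source-address matching only; returns None when no rule matches."""
    rules = cfg.get(f"name {ruleset}", {})
    addr = ipaddress.ip_address(src)
    numbered = (k for k in rules if k.startswith("rule "))
    for key in sorted(numbered, key=lambda k: int(k.split()[1])):
        want = rules[key].get("source", {}).get("address")
        if want is None or addr in ipaddress.ip_network(want, strict=False):
            return rules[key].get("action")
    return None
```

A None result means no rule in the instance matched that source; what happens to such a packet depends on the instance's default behaviour, which this sketch does not model.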