Filtering on source IP address and destination protocol

The following example shows how to define a firewall rule that filters on source IP address and destination protocol. This rule allows TCP packets originating from address 10.10.30.46 (that is, R5), and destined for the Telnet port of R1. The instance is applied to local packets (that is, packets destined for this router, R1) through the dp0p1p2 interface.

To create an instance that filters on source IP address and destination protocol, perform the following steps in configuration mode.

Table 1. Filtering on source IP and destination protocol
Step Command

Create the configuration node for the FWTEST-3 firewall instance and its rule 1. This rule accepts traffic matching the specified criteria.

vyatta@R1# set security firewall name FWTEST-3 rule 1 action accept

Add a match criterion to rule 1 for traffic from the 10.10.30.46 source IP address.

vyatta@R1# set security firewall name FWTEST-3 rule 1 source address 10.10.30.46

Restrict rule 1 to TCP traffic.

vyatta@R1# set security firewall name FWTEST-3 rule 1 protocol tcp

Restrict rule 1 to traffic destined for the Telnet service.

vyatta@R1# set security firewall name FWTEST-3 rule 1 destination port telnet

Apply FWTEST-3 to packets bound for this router arriving on dp0p1p2.

vyatta@R1# set interfaces dataplane dp0p1p2 firewall in FWTEST-3

Commit the configuration.

vyatta@R1# commit

Show the configuration.

vyatta@R1# show security firewall name FWTEST-3
name FWTEST-3 {
       rule 1 {
               action accept
               destination {
                       port telnet
               }
               protocol tcp
               source {
                       address 10.10.30.46
               }
       }
}
vyatta@R1# show interfaces dataplane dp0p1p2
dataplane dp0p1p2 {
       firewall {
               in FWTEST-3
       }
}
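
The following added example (not part of the Vyatta documentation) parses the brace-delimited output of the show command above and reports any accept rule that lacks one of the three criteria set in this procedure. The function names and the LOOSE sample are assumptions made for illustration.

```python
SHOWN = """\
name FWTEST-3 {
       rule 1 {
               action accept
               destination {
                       port telnet
               }
               protocol tcp
               source {
                       address 10.10.30.46
               }
       }
}
"""
LOOSE = "name DEMO {\n rule 2 {\n action accept\n protocol tcp\n }\n}\n"  # constructed sample, not from the page
# Criteria the page sets on rule 1; each accept rule is expected to have all three.
REQUIRED = (("source", "address"), ("protocol",), ("destination", "port"))

def parse(text):
    """Turn brace-delimited `show` output into nested dicts."""
    stack = [{}]
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            stack.pop()
        elif line:
            key, _, value = line.partition(" ")
            stack[-1][key] = value
    if len(stack) != 1:
        raise ValueError("unbalanced braces")
    return stack[0]

def lookup(node, path):
    """Follow nested keys; None if any level is absent."""
    for key in path:
        node = node.get(key) if isinstance(node, dict) else None
    return node

def unconstrained(text):
    """Map (rule set, rule) to the criteria an accept rule is missing."""
    findings = {}
    for set_name, rules in parse(text).items():
        for rule_name, rule in rules.items():
            if isinstance(rule, dict) and rule.get("action") == "accept":
                missing = [" ".join(p) for p in REQUIRED if lookup(rule, p) is None]
                if missing:
                    findings[(set_name, rule_name)] = missing
    return findings
```

Calling unconstrained(SHOWN) returns an empty dict for the configuration on this page, while unconstrained(LOOSE) reports the source address and destination port that the constructed rule leaves open.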