Vyatta Network OS Documentation

Learn how to install, configure and operate the Vyatta NOS, which helps drive our virtual networking & physical platforms portfolio.

Filtering on source IP address and destination protocol

The following example shows how to define a firewall rule that filters on source IP address and destination protocol. This rule allows TCP packets originating from address 10.10.30.46 (that is, R5), and destined for the Telnet port of R1. The instance is applied to local packets (that is, packets destined for this router, R1) through the dp0p1p2 interface.

To create an instance that filters on source IP address and destination protocol, perform the following steps in configuration mode.

Table 1. Filtering on source IP and destination protocol
Step Command

Create the configuration node for the FWTEST-3 firewall instance and its rule 1. This rule accepts traffic matching the specified criteria.

vyatta@R1# set security firewall name FWTEST-3 rule 1 action accept

Define a rule that filters traffic on the 10.10.30.46 source IP address.

vyatta@R1# set security firewall name FWTEST-3 rule 1 source address 10.10.30.46

Define a rule that filters TCP traffic.

vyatta@R1# set security firewall name FWTEST-3 rule 1 protocol tcp

Define a rule that filters traffic destined for the Telnet service.

vyatta@R1# set security firewall name FWTEST-3 rule 1 destination port telnet

Apply FWTEST-3 to packets bound for this router arriving on dp0p1p2.

vyatta@R1# set interfaces dataplane dp0p1p2 firewall in FWTEST-3

Commit the configuration.

vyatta@R1# commit

Show the configuration.

vyatta@R1# show security firewall name FWTEST-3
name FWTEST-3 {
       rule 1 {
               action accept
               destination {
                       port telnet
               }
               protocol tcp
               source {
                       address 10.10.30.46
               }
       }
}
vyatta@R1# show interfaces dataplane dp0p1p2
dataplane dp0p1p2 {
       firewall {
               in FWTEST-3
       }
}