Vyatta Network OS Documentation

Learn how to install, configure and operate the Vyatta NOS, which helps drive our virtual networking & physical platforms portfolio.

Filtering on source MAC address

The following example shows how to define a firewall instance that contains one rule, which filters packets only on the source media access control (MAC) address. This rule allows packets coming from a specific computer, identified by its MAC address rather than its IP address. The instance is applied to packets inbound on the dp0p1p1 interface.

To create an instance that filters on source MAC address, perform the following steps in configuration mode.

Table 1. Filtering on source MAC address
Step Command

Create the configuration node for the FWTEST-5 firewall instance and its rule 1. This rule accepts traffic matching the specified criteria.

vyatta@R1# set security firewall name FWTEST-5 rule 1 action accept

Define a rule that filters traffic with the 00:13:ce:29:be:e7 source MAC address.

vyatta@R1# set security firewall name FWTEST-5 rule 1 source mac-address 00:13:ce:29:be:e7

Apply FWTEST-5 to inbound packets on dp0p1p1.

vyatta@R1# set interfaces dataplane dp0p1p1 firewall in FWTEST-5

Commit the configuration.

vyatta@R1# commit

Show the configuration.

vyatta@R1# show security firewall name FWTEST-5
name FWTEST-5 {
 rule 1 {
    action accept
    source {
        mac-address 0:13:ce:29:be:e7
    }
 }
}
vyatta@R1# show interfaces dataplane dp0p1p1
dataplane dp0p1p1 {
 address 172.16.1.1/24
 firewall {
     in FWTEST-5 
 }
}
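
One way to check the committed rules against the intended MAC allowlist, as an added example that is not part of the Vyatta documentation: it parses the show security firewall name output and normalizes MAC addresses, so the 0:13:ce:29:be:e7 printed above compares equal to the 00:13:ce:29:be:e7 that was configured. The function names and the embedded sample text are assumptions made for illustration.

```python
import re

# Constructed sample: the show output from this page (note the short 0:13 octet).
SHOW_OUTPUT = """\
name FWTEST-5 {
 rule 1 {
    action accept
    source {
        mac-address 0:13:ce:29:be:e7
    }
 }
}
"""

def normalize_mac(mac):
    """Return six zero-padded lowercase octets, or raise ValueError."""
    parts = re.split(r"[:-]", mac.strip())
    if len(parts) != 6 or not all(re.fullmatch(r"[0-9A-Fa-f]{1,2}", p) for p in parts):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(p.lower().zfill(2) for p in parts)

def parse_rules(show_text):
    """Map rule number -> {'action', 'source_mac'} from brace-style output."""
    rules, path = {}, []
    for line in (raw.strip() for raw in show_text.splitlines()):
        if line.endswith("{"):
            path.append(line[:-1].strip())      # entering a block
        elif line == "}":
            del path[-1:]                       # leaving a block (safe if empty)
        elif line:
            rule = next((p for p in path if p.startswith("rule ")), None)
            if rule is not None:
                entry = rules.setdefault(int(rule.split()[1]), {})
                key, _, value = line.partition(" ")
                if key == "action":
                    entry["action"] = value.strip()
                elif key == "mac-address" and path[-1] == "source":
                    entry["source_mac"] = normalize_mac(value)
    return rules

def audit(show_text, expected):
    """Return findings; an empty list means rules match the intended allowlist."""
    rules, findings = parse_rules(show_text), []
    for n, mac in expected.items():
        got = rules.get(n, {})
        if got.get("action") != "accept" or got.get("source_mac") != normalize_mac(mac):
            findings.append(f"rule {n}: expected accept from {normalize_mac(mac)}, got {got}")
    findings += [f"rule {n}: not in allowlist" for n in sorted(set(rules) - set(expected))]
    return findings
```

An accept rule that has lost its source block is reported as a finding, because such a rule would no longer be restricted to the listed MAC address.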