home

Supported platforms

Vyatta NOS documentation

Learn how to install, configure, and operate Vyatta Network Operating System (Vyatta NOS), which helps to drive our virtual networking and physical platforms portfolio.

Matching groups

Groups of addresses, ports, and networks can be defined for similar filtering. For example, to create a rule that rejects traffic to a group of addresses and ports and from a group of networks, perform the following steps in configuration mode.

Table 1. Rejecting traffic based on groups of addresses, networks, and ports
Step Command

Add an address to an address group.

vyatta@R1# set resources group address-group SERVERS address 1.1.1.7

Add a network to a address group.

vyatta@R1# set resources group address-group SERVERS address 10.0.10.0/24

Add port 22 and ports 1000 through 2000 to the PORTS port group.

vyatta@R1# set resources group port-group PORTS port 22
vyatta@R1# set resources group port-group PORTS port 1000-2000

Add a port name to the PORTS port group.

vyatta@R1# set resources group port-group PORTS port http

Commit the configuration.

vyatta@R1# commit

Show the configuration.

vyatta@R1# show resources

group {
    address-group SERVERS {
        address 10.0.10.0/24
        address 1.1.1.7
    }
    port-group PORTS {
        port 22
        port 1000-2000
        port http
    }
}
vyatta@R1# 
                            
                            

Specify a reject action within a firewall instance.

vyatta@R1# set security firewall name REJECT-GROUPS rule 10 action drop
Specify the protocol.
vyatta@R1# set security firewall name REJECT-GROUPS rule 10 protocol tcp

Specify an address group to match as a destination.

vyatta@R1# set security firewall name REJECT-GROUPS rule 10 destination address SERVERS

Specify a port group to match as a destination.

vyatta@R1# set security firewall name REJECT-GROUPS rule 10 destination port PORTS
Specify an address group to match as a source.
vyatta@R1# set security firewall name REJECT-GROUPS rule 10 source address SERVERS

Commit the configuration.

vyatta@R1# commit

Show the configuration.

vyatta@R1# show security firewall name REJECT-GROUPS

name REJECT-GROUPS {
    rule 10{
        action drop
        destination {
            address SERVERS
            port PORTS
        }
        protocol tcp
        source {
            address SERVERS
        }
    }
}
vyatta@R1#