Vyatta Network OS Documentation


Configuring stateful behavior per rule set

Even if you want the firewall to operate statelessly in general, you can still configure state rules within a specific rule set.

The following example shows how to configure a rule in the TEST1 firewall rule set. Rule 1 accepts stateful traffic flows and allows related flows for the ALGs that are enabled.

To configure per-rule set state rules, perform the following steps in configuration mode.

Table 1. Creating a per-rule set state rule
Step Command

Create the configuration node for the TEST1 rule set and give a description for the rule set.

vyatta@R1# set security firewall name TEST1 description "Filter traffic statefully"

Create a state rule that allows only established and related traffic.

vyatta@R1# set security firewall name TEST1 rule 1 action accept

vyatta@R1# set security firewall name TEST1 rule 1 state enable

Commit the configuration.

vyatta@R1# commit

Show the firewall configuration.

vyatta@R1# show security firewall name TEST1
description "Filter traffic statefully"
rule 1 {
    action accept
    state enable
}
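
To check after a commit that every accept rule in a rule set really has state enabled, the show output above can be parsed and audited. The following Python script is an added example, not part of the Vyatta documentation; the function names are hypothetical, and rules 2 and 3 in the sample are constructed for illustration (only rule 1 comes from this page).

```python
import re

# Constructed sample: rule 1 is the TEST1 output shown on this page;
# rules 2 and 3 are hypothetical additions used to exercise the check.
SAMPLE = '''\
description "Filter traffic statefully"
rule 1 {
    action accept
    state enable
}
rule 2 {
    action accept
    protocol tcp
}
rule 3 {
    action accept
    destination {
        port 22
    }
    state enable
}
'''

def parse_rules(text):
    """Return {rule_number: {option: value}} from brace-style show output."""
    rules, current, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"rule (\d+) \{", line)
        if m and depth == 0:
            current, depth = rules.setdefault(int(m.group(1)), {}), 1
        elif line.endswith("{"):
            depth += 1            # nested block such as "destination {"
        elif line == "}":
            depth -= 1
            if depth == 0:
                current = None    # end of the rule block
        elif current is not None and depth == 1 and line:
            key, _, value = line.partition(" ")
            current[key] = value.strip('"')
    return rules

def stateless_accept_rules(text):
    """Rule numbers that accept traffic but lack 'state enable'."""
    return sorted(num for num, opts in parse_rules(text).items()
                  if opts.get("action") == "accept"
                  and opts.get("state") != "enable")

if __name__ == "__main__":
    for num in stateless_accept_rules(SAMPLE):
        print(f"rule {num}: action accept without state enable")
```
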