Using firewall with VRRP interfaces
A Virtual Router Redundancy Protocol (VRRP) interface is a logical abstraction that allows the system to implement RFC 3768-compliant MAC address behavior. VRRP can be configured with or without VRRP interfaces. To achieve the expected results when filtering traffic, it is important to understand how traffic flows on systems that use VRRP.
- If no VRRP interface is configured, traffic flows in and out through a physical interface or virtual interface.
- If a VRRP interface is configured, traffic flows in through the VRRP interface and out through the physical interface or virtual interface.
This traffic flow affects how you design and attach firewall rule sets.