Vyatta documentation

Learn how to install, configure, and operate the Vyatta Network Operating System (Vyatta NOS) and Orchestrator, which help drive our virtual networking and physical platforms portfolio.

Creating a rule set for traffic to the private zone

The next step, shown in the following example, creates a rule set for traffic to the private zone.

Note that this rule set includes a stateful rule that accepts only traffic belonging to established connections and traffic related to them. The rule is required in this scenario because a named rule set drops whatever it does not explicitly accept, so without it the replies to sessions that the other rule sets allow would never reach the private zone. The other rule sets in this scenario are:

  • The rule set from the public zone to the DMZ accepts all traffic for HTTP, HTTPS, FTP, SSH, and Telnet as well as all ICMP traffic.
  • The rule set from the private zone to the DMZ accepts HTTP, HTTPS, and ICMP traffic only.

To configure this rule set, perform the following steps in configuration mode.

Table 1. Creating the rule set for traffic to the private zone (each step is followed by the command that performs it)

Create the configuration node for the to_private rule set and give a description for the rule set.

vyatta@R1# set security firewall name to_private description "filter traffic to PRIVATE zone"

Create a rule that accepts only established and related traffic into the private zone. Only return traffic for connections initiated from the private zone, and traffic related to those connections (such as FTP data connections or ICMP error messages associated with a flow), is accepted; a packet that would open a new connection into the private zone does not match this rule and falls through to the rule set's implicit drop.

vyatta@R1# set security firewall name to_private rule 1 action accept

vyatta@R1# set security firewall name to_private rule 1 state established enable

vyatta@R1# set security firewall name to_private rule 1 state related enable

vyatta@R1# set security firewall name to_private rule 1 protocol all

Commit the configuration.

vyatta@R1# commit

Show the firewall configuration.

vyatta@R1# show security firewall name to_private

 description "filter traffic to PRIVATE zone"

 rule 1 {
    action accept
    protocol all
    state {
        established enable
        related enable
    }
 }
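The property this rule set is meant to guarantee is that nothing in it accepts a new connection into the private zone. The following audit script is an added example, not part of the Vyatta documentation or product: it parses the brace-style text that show security firewall name prints into a tree and flags any accept rule whose state match is missing, or that enables a state other than established or related. The two rule set texts are constructed for the example; the first is the rule set from this page, the second adds a hypothetical rule 20 that an operator might add later and that would admit new TCP connections to port 445. The audit assumes Vyatta's rule semantics as described above: an accept rule with no state block, or with state new enable, matches fresh connection attempts.

```python
"""Audit a Vyatta to_private rule set for the stateful-only property.

Added example: parses the output of 'show security firewall name <name>'
and reports accept rules that would admit new connections into the zone.
"""
import shlex

# Constructed sample: the rule set from the page, as shown by
# 'show security firewall name to_private'.
STATEFUL_RULESET = """
 description "filter traffic to PRIVATE zone"
 rule 1 {
     action accept
     protocol all
     state {
         established enable
         related enable
     }
 }
"""

# Constructed counter-example (hypothetical, not from the page): a second
# accept rule with no state match, which lets the DMZ open SMB sessions
# into the private zone.
LEAKY_RULESET = """
 description "filter traffic to PRIVATE zone"
 rule 1 {
     action accept
     protocol all
     state {
         established enable
         related enable
     }
 }
 rule 20 {
     action accept
     protocol tcp
     destination {
         port 445
     }
 }
"""


def parse_config(text):
    """Parse Vyatta brace-style config text into nested dicts.

    'key value' becomes {key: value}; 'key {' opens a child dict;
    'key name {' (for example 'rule 1 {') becomes {key: {name: {...}}}.
    """
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "}":
            stack.pop()
            continue
        if line.endswith("{"):
            parts = shlex.split(line[:-1])
            node = stack[-1]
            for part in parts[:-1]:
                node = node.setdefault(part, {})
            child = node.setdefault(parts[-1], {})
            stack.append(child)
            continue
        parts = shlex.split(line)  # handles the quoted description value
        if len(parts) == 1:
            stack[-1][parts[0]] = True  # bare keyword such as 'disable'
        else:
            stack[-1][parts[0]] = " ".join(parts[1:])
    if len(stack) != 1:
        raise ValueError("unbalanced braces in config text")
    return root


def audit_to_private(cfg):
    """Return findings for a rule set that should only pass return traffic.

    An accept rule is acceptable only if it enables some subset of the
    'established' and 'related' states and nothing else; a rule with no
    state block, or with 'new' or 'invalid' enabled, matches fresh
    connection attempts. The audit also requires that at least one
    stateful accept rule exists, otherwise replies hit the implicit drop.
    """
    findings = []
    stateful_accept = False
    rules = cfg.get("rule", {})
    for rule_id in sorted(rules, key=int):
        rule = rules[rule_id]
        if rule.get("action") != "accept":
            continue
        enabled = {s for s, v in rule.get("state", {}).items() if v == "enable"}
        if enabled and enabled <= {"established", "related"}:
            stateful_accept = True
        else:
            findings.append(
                f"rule {rule_id}: accept rule matches new connections "
                f"(states enabled: {sorted(enabled) or 'none'})")
    if not stateful_accept:
        findings.append("no accept rule for established/related traffic: "
                        "replies to sessions from the private zone will be dropped")
    return findings


if __name__ == "__main__":
    for label, text in (("page rule set", STATEFUL_RULESET),
                        ("with rule 20 added", LEAKY_RULESET)):
        print(label, "->", audit_to_private(parse_config(text)) or "ok")
```

Run it against the real output of show security firewall name to_private after each change to the rule set; any finding means the rule set no longer restricts the private zone to return traffic only.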