Vyatta NOS documentation


security firewall name <name> rule <rule-number> mark <action>

Specifies the DSCP or Priority Code Point (PCP) packet marking action for a firewall rule.

set security firewall name <name> rule <rule-number> mark { dscp <dscp-value> | pcp <pcp-number> }
delete security firewall name <name> rule <rule-number> mark [ dscp | pcp ]
show security firewall name <name> rule <rule-number> mark
name
The name of a firewall rule set.
rule-number
The numeric identifier of a rule. The identifier ranges from 1 through 9999.
dscp dscp-value
Specifies the DSCP value. For the value, enter one of the following:

number: A DSCP number ranges from 0 through 63. DSCP matches packets with headers that include this DSCP value. If this option is not set, the DSCP field retains its original value.

classifier: The traffic classifier for the per-hop behavior defined by the DS field in the IP header.

  • default: The Default Class (00000) for best-effort traffic.
  • afnumber: The Assured Forwarding Class for assurance of delivery as defined in RFC 2597. Depending on the forwarding class and the drop precedence, the class can be one of the following values: af11 through af13, af21 through af23, af31 through af33, or af41 through af43.
  • csnumber: Class Selector for network devices that use the Precedence field in the IPv4 header. The number ranges from 1 to 7 and indicates the precedence, for example cs1.
  • ef: Expedited Forwarding, Per-Hop Behavior.
  • va: Voice Admit, Capacity-Admitted Traffic.
pcp pcp-number
The 802.1 priority-code point number. The number can range from 0 through 7.

Configuration mode


security {
    firewall {
        name <name> {
            rule <rule-number> {
                mark {
                    dscp <dscp-value>
                    pcp <pcp-number>
                }
            }
        }
    }
}

Use the set form of this command to define the packet marking action within a firewall rule.

Use the delete form of this command to delete the packet marking action within a firewall rule.

Use the show form of this command to display the packet marking action within a firewall rule.
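
The following Python helper is an added example, not part of the Vyatta documentation. It resolves a dscp-value as described above to its numeric codepoint and to the ToS/Traffic Class byte that appears in a packet capture, and range-checks a pcp-number, which is useful when confirming that a mark rule produced the expected marking. The function names are hypothetical, and the numeric codepoints are taken from RFC 2474, RFC 2597, RFC 3246 and RFC 5865 rather than from this page.

```python
import re

# Fixed codepoints: default (RFC 2474), ef (RFC 3246), va (RFC 5865).
FIXED = {"default": 0, "ef": 46, "va": 44}


def resolve_dscp(value):
    """Return the 6-bit DSCP codepoint for a number or classifier keyword."""
    v = value.strip().lower()
    if re.fullmatch(r"[0-9]+", v):
        n = int(v)
        if n > 63:
            raise ValueError(f"DSCP number outside 0-63: {value!r}")
        return n
    if v in FIXED:
        return FIXED[v]
    m = re.fullmatch(r"af([1-4])([1-3])", v)  # af<class><drop precedence>
    if m:
        return 8 * int(m.group(1)) + 2 * int(m.group(2))
    m = re.fullmatch(r"cs([1-7])", v)  # cs1 through cs7, as on this page
    if m:
        return 8 * int(m.group(1))
    raise ValueError(f"not a valid dscp-value: {value!r}")


def tos_byte(dscp):
    """DSCP is the upper six bits of the IPv4 ToS / IPv6 Traffic Class byte."""
    return dscp << 2


def validate_pcp(value):
    """Return the PCP as an int, enforcing the 0-7 range."""
    if not re.fullmatch(r"[0-7]", value.strip()):
        raise ValueError(f"pcp-number outside 0-7: {value!r}")
    return int(value.strip())


if __name__ == "__main__":
    # Constructed sample values, not taken from a real configuration.
    for sample in ["default", "af11", "af43", "cs1", "ef", "va", "63"]:
        d = resolve_dscp(sample)
        print(f"{sample:8} dscp={d:2}  tos=0x{tos_byte(d):02x}")
```

For example, a rule that marks with ef should produce packets whose ToS byte reads 0xb8 in a capture taken downstream of the firewall.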