Vyatta documentation

Learn how to install, configure, and operate the Vyatta Network Operating System (Vyatta NOS) and Orchestrator, which help drive our virtual networking and physical platforms portfolio.

security firewall name <name> rule <rule-number> source <source>

Defines the source address, MAC address, or source port for a firewall rule.

set security firewall name name rule rule-number source { address address | mac-address address | port port }
delete security firewall name name rule rule-number source [ address address | mac-address address | port port ]
show security firewall name name rule rule-number source
name
The name of a firewall rule set.
rule-number
The numeric identifier of a rule. The identifier ranges from 1 through 9999.
address address
Specifies a source address to match. Address formats are as follows:

ip-address: An IPv4 address.

ip-address/prefix: A network address, where 0.0.0.0/0 matches any network.

ip-address-ip-address: A range of contiguous IP addresses; for example, 192.168.1.1-192.168.1.150.

!ip-address: All IP addresses except the one specified.

!ip-address/prefix: All network addresses except the one specified.

ipv6-address: An IPv6 address; for example, fe80::20c:29fe:fe47:f89.

ipv6-address/prefix: A network address, where ::/0 matches any network; for example, fe80::20c:29fe:fe47:f88/64.

!ipv6-address: All IPv6 addresses except the one specified.

!ipv6-address/prefix: All IPv6 network addresses except the one specified.

!ip-address-ip-address: All IP addresses except those in the specified range.

address-group: The name of an address group containing a list of addresses to match.

When both an address and a port are specified, the packet is considered a match only if both the address and the port match.

mac-address address
Matches the media access control (MAC) address in the source address. The address format is six 8-bit numbers, separated by colons, in hexadecimal; for example, 00:0a:59:9a:f2:ba.
port port
Specifies a source port to match. Port formats are as follows:

port-name: The name of an IP service; for example, http. You can specify any service name in the /etc/services file.

port-number: A port number. The number ranges from 1 through 65535.

start-end: A range of ports; for example, 1001-1005.

port-group: The name of a port group containing a list of ports to match.

When both an address and a port are specified, the packet is considered a match only if both the address and the port match.

Configuration mode

security {
    firewall {
        name name {
            rule rule-number {
                source {
                    address address
                    mac-address address
                    port port
                }
            }
        }
    }
}

Use the set form of this command to define a source address, MAC address, or source port within a firewall rule.

Use the delete form of this command to delete a source address, MAC address, or source port from a firewall rule.

Use the show form of this command to display the source address, MAC address, or source port configured for a firewall rule.
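As an added illustration (not Vyatta code or output), the following Python implements the matching semantics described above for the address and port parameters: each address form (single address, prefix, range, '!' negation, IPv6, address-group) and port form (service name, number, start-end range, port-group), with a packet's source matching only when every criterion that is configured matches. The service-name table and the group contents are constructed stand-ins for /etc/services and for configured address and port groups.

```python
import ipaddress

# Constructed stand-in for the /etc/services lookup the CLI performs (assumption).
SERVICE_PORTS = {"http": 80, "https": 443, "ssh": 22}

def address_matches(spec, ip, address_groups=None):
    """Match packet source IP `ip` against one source address form:
    ip, ip/prefix, ip-ip, any of these prefixed with '!', or an address-group."""
    groups = address_groups or {}
    if spec in groups:  # address-group: a match on any member is a match
        return any(address_matches(m, ip, groups) for m in groups[spec])
    negate = spec.startswith("!")
    if negate:
        spec = spec[1:]
    src = ipaddress.ip_address(ip)
    if "/" in spec:  # ip-address/prefix (0.0.0.0/0 and ::/0 match any address)
        hit = src in ipaddress.ip_network(spec, strict=False)
    elif "-" in spec:  # ip-address-ip-address: contiguous range, inclusive
        lo, hi = (ipaddress.ip_address(p) for p in spec.split("-", 1))
        hit = lo.version == src.version and lo <= src <= hi
    else:  # single address; an IPv4 packet never equals an IPv6 address
        hit = src == ipaddress.ip_address(spec)
    return not hit if negate else hit

def port_matches(spec, port, port_groups=None):
    """Match source port `port` against a port-name, number, start-end, or port-group."""
    groups = port_groups or {}
    if spec in groups:
        return any(port_matches(m, port, groups) for m in groups[spec])
    if spec in SERVICE_PORTS:
        return port == SERVICE_PORTS[spec]
    if "-" in spec:
        lo, hi = (int(p) for p in spec.split("-", 1))
        return lo <= port <= hi
    return port == int(spec)

def source_matches(rule_source, packet, address_groups=None, port_groups=None):
    """`rule_source` holds the configured 'address' and/or 'port' values; every
    criterion present must match (the AND rule stated for address plus port)."""
    if "address" in rule_source:
        if not address_matches(rule_source["address"], packet["src"], address_groups):
            return False
    if "port" in rule_source:
        if not port_matches(rule_source["port"], packet["sport"], port_groups):
            return False
    return True
```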