Vyatta NOS documentation

Learn how to install, configure, and operate Vyatta Network Operating System (Vyatta NOS), which helps to drive our virtual networking and physical platforms portfolio.

security zone-policy zone <zone>

Defines a security zone policy.

set security zone-policy zone zone
delete security zone-policy zone [ zone ]
show security zone-policy
zone
The name of a security zone.

You can define more than one security zone by creating more than one zone-policy zone configuration node.

Configuration mode


security {
    zone-policy {
        zone zone {
        }
    }
}

In the vRouter, a zone is defined as a group of interfaces that have the same security level. After a zone is defined, firewall rule sets can be applied to traffic flowing between zones.

By default, traffic to a zone is dropped unless a policy has been defined for the zone sending the traffic. Traffic flowing within a zone is not filtered.

When defining a zone, keep the following in mind:

  • An interface can be a member of only one zone.
  • An interface that is a member of a zone cannot have a firewall rule set directly applied to it.
  • For interfaces not assigned to a zone, traffic is unfiltered by default. These interfaces can have rule sets directly applied to them.

Use the set form of this command to define a security zone.

Use the delete form of this command to delete a security zone.

Use the show form of this command to display the configuration of a security zone. See show zone-policy.