Filtering on source MAC address

The following example shows how to define a firewall instance that contains one rule, which filters packets only on source medium access control (MAC) address. This rule allows packets coming from a specific computer, identified by its MAC address rather than its IP address. The instance is applied to packets inbound on the dp0p1p1 interface.

To create an instance that filters on source MAC address, perform the following steps in configuration mode.

Table 1. Filtering on source MAC address
Step	Command
Create the configuration node for the FWTEST-5 firewall instance and its rule 1. This rule accepts traffic matching the specified criteria.	`vyatta@R1# set security firewall name FWTEST-5 rule 1 action accept`
Define a rule that filters traffic with the 00:13:ce:29:be:e7 source MAC address.	`vyatta@R1# set security firewall name FWTEST-5 rule 1 source mac-address 00:13:ce:29:be:e7`
Apply FWTEST-5 to inbound packets on dp0p1p1.	`vyatta@R1# set interfaces dataplane dp0p1p1 firewall in FWTEST-5`
Commit the configuration.	`vyatta@R1# commit`
Show the configuration.	`vyatta@R1# show security firewall name FWTEST-5 name FWTEST-5 [ rule 1 { action accept source { mac-address 0:13:ce:29:be:e7 } } } vyatta@R1# show interfaces dataplane dp0p1p1 dataplane dp0p1p1 { address 172.16.1.1/24 firewall { in FWTEST-5 } }`

Vyatta documentation

Learn how to install, configure, and operate the Vyatta Network Operating System (Vyatta NOS) and Orchestrator, which help drive our virtual networking and physical platforms portfolio.

Filtering on source MAC address

Helpful Links

Key Resources