Vyatta – How to create a Firewall Policy

Within this article we will show you how to create a firewall policy for a Brocade Vyatta router. Firewalls policies are created much like any other device, using a combination such  source IP , destination IP etc etc. Once created it is then applied to an interface.

Group Types

There are 3 types of groups they are address groups, network groups and port-groups.

Address group – groups a IPs and IP ranges.

set firewall group address-group ADDGROUP address x.x.x.x|x.x.x.x-x.x.x.x

Network group – groups networks.

set firewall group network-group NETGROUP x.x.x.x/x

Port group – groups ports or port-ranges

set firewall group port-group PORTGROUP x|x-x

Create Firewall Policy

When creating a firewall policy there is a huge range of options. In this example we will provide the main 4. Action, source, destination and protocol.

set firewall name OUTSIDE rule 10 action accept
set firewall name OUTSIDE rule 10 source (x.x.x.x|address-group <GROUP>|network-group <GROUP>)
set firewall name OUTSIDE rule 10 destination (x.x.x.x|address-group <GROUP>|network-group <GRO
UP>|port-group <GROUP>)
set firewall name OUTSIDE rule 10 protocol (tcp_udp|all)

Assign to Interface

Next the firewall policy is assigned to an interface. To confirm the interface mappings i.e eth3 equals OUTSIDE. Run the command show interfaces.

set interfaces ethernet eth0 firewall in name 'OUTSIDE'


Finally save your changes. This is a 2 step process. First we save the changes to the save config and then we commit the changes to the running configuration.

save - save to saved config commit - commit to running config


Rick Donato

Want to become a networking expert?

Here is our hand-picked selection of the best courses you can find online:
Cisco CCNA 200-301 Certification Gold Bootcamp
Complete Cyber Security Course – Network Security
Internet Security Deep Dive course
Python Pro Bootcamp
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial