Vyatta - How to create a Firewall Policy
Within this article we will show you how to create a firewall policy for a Brocade Vyatta router. Firewall policies are built much like on any other device, from a combination of match criteria such as source IP, destination IP, protocol and port. Once created, the policy is applied to an interface.
There are 3 types of groups: address groups, network groups and port groups. Groups let a single rule match a set of addresses, networks or ports instead of repeating the rule for each one.
Address group - groups individual IPs and IP ranges.
set firewall group address-group ADDGROUP address x.x.x.x|x.x.x.x-x.x.x.x
Network group - groups networks (CIDR prefixes). The network keyword is required before the prefix.
set firewall group network-group NETGROUP network x.x.x.x/x
Port group - groups ports or port ranges. The port keyword is required before the port or range.
set firewall group port-group PORTGROUP port x|x-x
Create Firewall Policy
When creating a firewall policy there is a huge range of options. In this example we will cover the main 4: action, source, destination and protocol. A source or destination is either a literal address (address x.x.x.x) or a reference to one of the groups created above (group address-group <GROUP>, group network-group <GROUP>, group port-group <GROUP>).
set firewall name OUTSIDE rule 10 action accept
set firewall name OUTSIDE rule 10 source (address x.x.x.x|group address-group <GROUP>|group network-group <GROUP>)
set firewall name OUTSIDE rule 10 destination (address x.x.x.x|group address-group <GROUP>|group network-group <GROUP>|group port-group <GROUP>)
set firewall name OUTSIDE rule 10 protocol (tcp_udp|all)
Assign to Interface
Next the firewall policy is assigned to an interface. To confirm the interface mappings (i.e. that eth3 is the OUTSIDE interface), run the command show interfaces before applying the policy.
set interfaces ethernet eth0 firewall in name 'OUTSIDE'
Finally save your changes. This is a 2 step process. First we save the changes to the saved configuration and then we commit the changes to the running configuration.
save - save to saved config
commit - commit to running config
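The steps above, carried through as one complete policy. This is an added example and not configuration from the original article or from Brocade; the group names MGMT_HOSTS, LAN_NETS and WEB_PORTS, the interface eth0 and the addresses (taken from the 203.0.113.0/24 and 192.168.10.0/24 documentation ranges) are assumed values. It goes slightly beyond the article by setting a default-action of drop, so that anything not explicitly accepted is denied, and by adding the established/related and invalid state rules that a production inbound policy normally carries.

```vyatta
# Added example, not from the original article. Names, interface and
# addresses are assumed; replace them with your own.
configure

# Groups: reusable sets of addresses, networks and ports
set firewall group address-group MGMT_HOSTS address 203.0.113.10
set firewall group address-group MGMT_HOSTS address 203.0.113.20-203.0.113.29
set firewall group network-group LAN_NETS network 192.168.10.0/24
set firewall group port-group WEB_PORTS port 80
set firewall group port-group WEB_PORTS port 443

# Policy: deny by default, then accept only what is listed below
set firewall name OUTSIDE default-action drop
set firewall name OUTSIDE description 'Inbound from Internet on eth0'

# Rule 10: allow return traffic for connections the inside started
set firewall name OUTSIDE rule 10 action accept
set firewall name OUTSIDE rule 10 state established enable
set firewall name OUTSIDE rule 10 state related enable

# Rule 20: drop packets the connection tracker marks invalid, and log them
set firewall name OUTSIDE rule 20 action drop
set firewall name OUTSIDE rule 20 state invalid enable
set firewall name OUTSIDE rule 20 log enable

# Rule 30: allow web traffic to the LAN networks (network group + port group)
set firewall name OUTSIDE rule 30 action accept
set firewall name OUTSIDE rule 30 protocol tcp
set firewall name OUTSIDE rule 30 destination group network-group LAN_NETS
set firewall name OUTSIDE rule 30 destination group port-group WEB_PORTS

# Rule 40: allow SSH into the LAN only from the management hosts (address group)
set firewall name OUTSIDE rule 40 action accept
set firewall name OUTSIDE rule 40 protocol tcp
set firewall name OUTSIDE rule 40 source group address-group MGMT_HOSTS
set firewall name OUTSIDE rule 40 destination group network-group LAN_NETS
set firewall name OUTSIDE rule 40 destination port 22

# Attach the policy to traffic entering the outside interface
set interfaces ethernet eth0 firewall in name OUTSIDE

# Activate the changes, then write the active configuration to disk
commit
save
exit

# Verify the rule set and the interface it is bound to
show firewall name OUTSIDE
show interfaces
```

Two points worth checking before committing a policy like this. The in direction on eth0 matches packets that enter eth0 and are forwarded through the router; packets addressed to the router itself (for example SSH to its own management address) are matched by the local direction instead, so a rule in OUTSIDE alone does not protect the router's own services. And because default-action is drop, rule 10 for established/related traffic must be present, otherwise replies to outbound connections from the LAN are silently discarded.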