Defining A Network-To-Network Filter - Brocade Communications Systems 5600 vRouter Configuration Manual

Hide thumbs Also See for 5600 vRouter:

Configuration manual (187 pages)

Reference manual (124 pages)

Quick start manual (48 pages)

Table Of Contents

100

101

102

103

104

105

106

page of 106

/ 106
Contents
Table of Contents
Bookmarks

Table of Contents

TABLE 3 Filtering on source IP and destination protocol (continued)

Step

Define a rule that filters traffic destined for the Telnet service.

Apply FWTEST-3 to packets bound for this router arriving on dp0p1p2.

Commit the configuration.

Show the configuration.

Defining a network-to-network filter

The following example shows how to define a network-to-network packet filter, allowing packets originating from 10.10.40.0/24 and

destined for 172.16.0.0/24. It then applies the firewall instance to packets inbound through the 40 virtual interface (vif 40) and the

dp0p1p2 interface.

To create a network-to-network filter, perform the following steps in configuration mode.

TABLE 4 Defining a network-to-network filter

Step

Create the configuration node for the FWTEST-4 firewall instance and its

rule 1. This rule accepts traffic matching the specified criteria.

Define a rule that filters traffic coming from the 10.10.40.0/24 network.

Define a rule that filters traffic destined for the 172.16.0.0/24 network.

Apply FWTEST-4 to packets bound for this router arriving through vif 40

on dp0p1p2.

Commit the configuration.

Show the configuration.

Command

vyatta@R1# set security firewall name FWTEST-3

rule 1 destination port telnet

vyatta@R1# set interfaces dataplane dp0p1p2

firewall in FWTEST-3

vyatta@R1# commit

vyatta@R1# show security firewall name FWTEST-3

rule 1 {

action accept

destination {

port telnet

}

protocol tcp

source {

address 10.10.30.46

}

vyatta@R1# show interfaces dataplane dp0p1p2

firewall {

in FWTEST-3

}

Command

vyatta@R1# set security firewall name FWTEST-4

rule 1 action accept

vyatta@R1# set security firewall name FWTEST-4

rule 1 source address 10.10.40.0/24

vyatta@R1# set security firewall name FWTEST-4

rule 1 destination address 172.16.0.0/24

vyatta@R1# set interfaces dataplane dp0p1p2 vif 40

firewall in FWTEST-4

vyatta@R1# commit

vyatta@R1# show security firewall name FWTEST-4

Brocade 5600 vRouter Firewall Configuration Guide

Configuration Examples

53-1004253-01

Table of Contents

Defining A Network-To-Network Filter - Brocade Communications Systems 5600 vRouter Configuration Manual

Defining a network-to-network filter

Related Manuals for Brocade Communications Systems 5600 vRouter

Related Content for Brocade Communications Systems 5600 vRouter

Table of Contents