Excluding An Address - Brocade Communications Systems 5600 vRouter Configuration Manual


Excluding an address

The firewall rule shown in the following example allows all traffic from the 172.16.1.0/24 network except traffic to the 192.168.1.100 server.
FIGURE 4 Excluding an address
To create an instance that excludes an address, perform the following steps in configuration mode.
TABLE 6 Excluding an address

| Step | Command |
|---|---|
| Create the configuration node for the FWTEST-5 firewall instance and its rule 10. Give a description for the rule. | vyatta@R1# set security firewall name NEGATED-EXAMPLE rule 10 description "Allow all traffic from LAN except to server 192.168.1.100" |
| Allow all traffic that matches the rule to be accepted. | vyatta@R1# set security firewall name NEGATED-EXAMPLE rule 10 action accept |
| Allow any traffic from the 172.16.1.0/24 network that matches the rule to be accepted. | vyatta@R1# set security firewall name NEGATED-EXAMPLE rule 10 source address 172.16.1.0/24 |
| Allow traffic destined anywhere except the 192.168.1.100 destination address that matches the rule to be accepted. | vyatta@R1# set security firewall name NEGATED-EXAMPLE rule 10 destination address !192.168.1.100 |
| Apply the NEGATED-EXAMPLE instance to inbound packets on dp0p1p1. | vyatta@R1# set interfaces dataplane dp0p1p1 firewall in NEGATED-EXAMPLE |
| Commit the configuration. | vyatta@R1# commit |
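
The rule in the commands above only accepts traffic; packets to 192.168.1.100 are blocked only because nothing accepts them. The following added example (not part of the Brocade manual) parses the four rule commands and evaluates constructed test packets against them; the function names, the first-match evaluation and the `default_action="drop"` fall-through are assumptions of this model, not router code.

```python
import ipaddress
import shlex

# The rule commands from the table above (prompt stripped).
COMMANDS = '''
set security firewall name NEGATED-EXAMPLE rule 10 description "Allow all traffic from LAN except to server 192.168.1.100"
set security firewall name NEGATED-EXAMPLE rule 10 action accept
set security firewall name NEGATED-EXAMPLE rule 10 source address 172.16.1.0/24
set security firewall name NEGATED-EXAMPLE rule 10 destination address !192.168.1.100
'''

def parse_rules(text):
    """Build {rule number: {field: value}} from 'set security firewall' lines."""
    rules = {}
    for line in text.strip().splitlines():
        tok = shlex.split(line)
        # tok: set security firewall name <NAME> rule <N> <field...> <value>
        if tok[:4] != ["set", "security", "firewall", "name"] or tok[5] != "rule":
            continue
        rules.setdefault(int(tok[6]), {})[" ".join(tok[7:-1])] = tok[-1]
    return rules

def addr_matches(spec, ip):
    """Match ip against an address spec; a leading '!' inverts the result."""
    if spec is None:
        return True  # field not set: matches any address
    negate = spec.startswith("!")
    net = ipaddress.ip_network(spec.lstrip("!"), strict=False)
    return (ipaddress.ip_address(ip) in net) != negate

def evaluate(rules, src, dst, default_action="drop"):
    """First matching rule wins; default_action is an assumption of this model."""
    for num in sorted(rules):
        r = rules[num]
        if addr_matches(r.get("source address"), src) and \
           addr_matches(r.get("destination address"), dst):
            return r["action"]
    return default_action

RULES = parse_rules(COMMANDS)
# Constructed test packets (source, destination).
for src, dst in [("172.16.1.10", "10.0.0.5"),
                 ("172.16.1.10", "192.168.1.100"),
                 ("10.9.9.9", "192.168.1.100")]:
    print(src, "->", dst, evaluate(RULES, src, dst))
```

Calling `evaluate` with `default_action="accept"` returns accept for the LAN-to-server packet as well, which shows that the exclusion depends on what happens to unmatched traffic.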
Brocade 5600 vRouter Firewall Configuration Guide
Configuration Examples
53-1004253-01
