Stateful Behavior; Configuring Stateful Behavior Per Rule Set - Brocade Communications Systems 5600 vRouter Configuration Manual

TABLE 9 Rejecting traffic based on groups of addresses, networks, and ports (continued)

Step: Output of the show command from the previous page (continued).
Command:
    address-group SERVERS {
    address 10.0.10.0/24
    address 1.1.1.7
    }
    port-group PORTS {
    port 22
    port http
    }
    }
    vyatta@R1#

Step: Specify a drop action within a firewall instance (the vRouter firewall rejects traffic with the drop action).
Command:
    vyatta@R1# set security firewall name REJECT-GROUPS rule 10 action drop

Step: Specify an address group to match as a destination.
Command:
    vyatta@R1# set security firewall name REJECT-GROUPS rule 10 destination address SERVERS

Step: Specify a port group to match as a destination.
Command:
    vyatta@R1# set security firewall name REJECT-GROUPS rule 10 destination port PORTS

Step: Commit the configuration.
Command:
    vyatta@R1# commit

Step: Show the configuration.
Command:
    vyatta@R1# show security firewall name REJECT-GROUPS
    rule 10 {
    action drop
    destination {
    address SERVERS
    port PORTS
    }
    source {
    address SERVERS
    }
    }
    vyatta@R1#

The source address group shown in the output was configured in an earlier step of this table; rule 10 therefore drops only traffic that both originates from and is destined to a member of SERVERS on a port in PORTS.

Stateful behavior

Stateless firewalls filter each packet in isolation, based only on static source and destination information. In contrast, stateful firewalls track the state of network connections and traffic flows and allow or restrict traffic based on whether its connection state is known and authorized. For example, when an initiation flow is allowed in one direction, the responder flow is automatically and implicitly allowed in the return direction, without an explicit rule for it.

By default, the vRouter firewall is stateless. If you want the firewall to operate statefully, you have two choices:

• You can leave the firewall operating statelessly in general and specify stateful behavior per rule set by configuring state rules within the rule set. This configuration is described in Configuring stateful behavior per rule set on page 29.

• You can enable global stateful behavior by configuring global state policies. This configuration is described in Configuring global state policies on page 30.

Configuring stateful behavior per rule set

Even if you want the firewall to operate statelessly in general, you can still configure state rules within a specific rule set.

Brocade 5600 vRouter Firewall Configuration Guide
53-1004253-01
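To make the difference between stateless and per-rule stateful evaluation concrete, the following is an added example written for this page, not vRouter code or configuration. It models a rule set with the SERVERS address group and PORTS port group from Table 9, a drop rule matching them, and a rule with a state rule whose accepted flow is recorded so that the responder flow is let back in without a rule of its own. The Packet, Rule and Firewall classes, the shared session table, the accept-all rule 20, the default drop action and all packets are this example's own assumptions and constructed inputs.

```python
"""Added illustration: stateless vs stateful evaluation of a vRouter-style rule set.
Example code for this page, not vRouter code; classes, default action and
session-table behaviour are simplifying assumptions, packets are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

    def reverse(self) -> "Packet":
        """5-tuple of the responder flow that answers this packet."""
        return Packet(self.dst, self.dport, self.src, self.sport)


def in_address_group(addr: str, group: list[str]) -> bool:
    """True if addr is one of the group's hosts or lies inside one of its networks."""
    a = ip_address(addr)
    return any(a in ip_network(entry, strict=False) for entry in group)


@dataclass
class Rule:
    action: str                             # "accept" or "drop"
    dst_addr: Optional[list[str]] = None    # address group: hosts and networks
    dst_port: Optional[set[int]] = None     # port group
    src_addr: Optional[list[str]] = None
    state: bool = False                     # state rule: track the flows this rule accepts

    def matches(self, pkt: Packet) -> bool:
        if self.dst_addr is not None and not in_address_group(pkt.dst, self.dst_addr):
            return False
        if self.src_addr is not None and not in_address_group(pkt.src, self.src_addr):
            return False
        if self.dst_port is not None and pkt.dport not in self.dst_port:
            return False
        return True


class Firewall:
    """One rule set applied in one direction; rules are tried in number order.
    `sessions` is a session table shared by all rule sets (assumption: a tracked
    flow is recognised whichever rule set its return traffic hits)."""

    def __init__(self, rules: dict[int, Rule], sessions: set, default_action: str = "drop"):
        self.rules = rules
        self.sessions = sessions
        self.default_action = default_action    # assumed: unmatched traffic is dropped

    def filter(self, pkt: Packet) -> str:
        # Stateful path: the responder flow of a tracked initiation is accepted
        # implicitly, without a rule of its own in this rule set.
        if pkt.reverse() in self.sessions:
            return "accept"
        # Stateless path: match the packet on its own against the rules.
        for number in sorted(self.rules):
            rule = self.rules[number]
            if rule.matches(pkt):
                if rule.action == "accept" and rule.state:
                    self.sessions.add(pkt)      # remember the initiator 5-tuple
                return rule.action
        return self.default_action


# Groups from Table 9; "port http" resolves to TCP port 80.
SERVERS = ["10.0.10.0/24", "1.1.1.7"]
PORTS = {22, 80}


def demo_groups() -> tuple[str, str, str]:
    """REJECT-GROUPS rule 10 from Table 9 plus an accept-all rule 20 (this example's
    addition) so that traffic falling through rule 10 is visible."""
    fw = Firewall({10: Rule("drop", dst_addr=SERVERS, dst_port=PORTS, src_addr=SERVERS),
                   20: Rule("accept")}, sessions=set())
    return (
        fw.filter(Packet("10.0.10.5", 40000, "1.1.1.7", 22)),     # both ends in SERVERS, port in PORTS: drop
        fw.filter(Packet("10.0.10.5", 40000, "1.1.1.7", 443)),    # 443 not in PORTS: rule 20
        fw.filter(Packet("192.168.1.10", 40000, "1.1.1.7", 22)),  # source outside SERVERS: rule 20
    )


def demo_state(stateful: bool) -> tuple[str, str]:
    """Outbound HTTPS from a server, then its reply arriving through an inbound rule
    set with no explicit rules. Only with the state rule is the reply let in."""
    sessions: set = set()
    outbound = Firewall({10: Rule("accept", dst_port={443}, state=stateful)}, sessions)
    inbound = Firewall({}, sessions)
    init = Packet("10.0.10.5", 40001, "203.0.113.9", 443)
    return outbound.filter(init), inbound.filter(init.reverse())


if __name__ == "__main__":
    print("REJECT-GROUPS:", demo_groups())
    print("stateless:", demo_state(False))
    print("stateful: ", demo_state(True))
```

Running the block shows the three REJECT-GROUPS verdicts as ("drop", "accept", "accept"), the stateless case as ("accept", "drop") because the reply has no rule of its own in the inbound rule set, and the stateful case as ("accept", "accept") because the reply matches the tracked flow. The check a practitioner should take from this: a rule set that only has drop rules and no state rules lets nothing back in, so when you keep the firewall stateless in general, every return direction you rely on needs either a state rule on the initiating rule or an explicit rule of its own.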
