8
allow
any
condition - stateful to { 20.20.20.0/24 }
---------------------------------------
Rulesets Information: Firewall
---------------------------------------
--------------------------------------------------------------------------------
Firewall "default_state_group":
Active on (dp0p192p1)
rule
action
proto
----
------
-----
100
allow
tcp
condition - stateful proto tcp all
200
allow
udp
condition - stateful proto udp all
300
allow
icmp
condition - stateful proto icmp all
Showing firewall configuration on interfaces
The following example shows how to apply the FWTEST-1 firewall instance to the dp0p1p1 interface.
vyatta@R1# set interfaces dataplane dp0p1p1 firewall in FWTEST-1
Showing firewall configuration
You can view firewall information in configuration nodes by using the show command in configuration mode. The following example
shows how to display firewall configuration in configuration mode with
vyatta@R1# show security firewall
name FWTEST-1 {
rule 1 {
action accept
source {
address 172.16.0.26
}
}
}
name FWTEST-2 {
rule 1 {
action accept
destination {
address 10.10.40.101
}
source {
address 10.10.30.46
}
}
}
name FWTEST-3 {
rule 1 {
action accept
destination {
port telnet
}
protocol tcp
source {
address 10.10.30.46
}
}
}
name FWTEST-4 {
rule 1 {
action accept
Brocade 5600 vRouter Firewall Configuration Guide
53-1004253-01
0
0
packets
bytes
-------
-----
0
0
0
0
0
0
security firewall
on page 43.
Configuration Examples
39