# Vyatta/VyOS transcript: build three firewall groups (network, address, port),
# reference them from a named rule-set "eth0local", and bind that rule-set to
# eth0 as the *local* firewall (traffic addressed to the router itself).
# Entered in configuration mode; the `show`/`iptables` output below is what the
# device produced from these commands.

# Network group: three /24 prefixes allowed to reach the router.
set firewall group network-group ALOW-NETWORK network 93.155.130.0/24
set firewall group network-group ALOW-NETWORK network 93.155.131.0/24
set firewall group network-group ALOW-NETWORK network 93.155.162.0/24

# Rule 10: accept from ALOW-NETWORK. No protocol or destination-port match is
# set, so this admits every protocol and every port from those sources (the
# rendered iptables rule below shows `prot all`, destination 0.0.0.0/0).
set firewall name eth0local rule 10 action accept
set firewall name eth0local rule 10 source group network-group ALOW-NETWORK

# Address group: individual hosts allowed to reach the router.
# NOTE(review): 10.18.5.55 and 192.168.100.25 are RFC 1918 addresses sitting
# next to a public one. If eth0 faces the Internet these entries cannot arrive
# legitimately and are only reachable via source spoofing; if eth0 is an
# internal interface they are fine. Confirm the role of eth0 before relying on
# this list.
set firewall group address-group ALOW-IP address 213.91.213.195
set firewall group address-group ALOW-IP address 10.18.5.55
set firewall group address-group ALOW-IP address 192.168.100.25

# Rule 20: accept from ALOW-IP — again all protocols and all ports.
set firewall name eth0local rule 20 action accept
set firewall name eth0local rule 20 source group address-group ALOW-IP

# Port group: management ports (SSH, HTTPS).
set firewall group port-group ALOW-PORT port 22
set firewall group port-group ALOW-PORT port 443

# Rule 30: accept 212.233.128.0/17 only to the ports in ALOW-PORT.
# NOTE(review): the rule carries no `protocol` match; the port test is done by
# the ipset alone (iptables shows `prot all` + `match-set ALOW-PORT dst`).
# If only TCP 22/443 is intended, consider adding
#   set firewall name eth0local rule 30 protocol tcp
# so UDP/SCTP traffic to those port numbers is not admitted as a side effect.
set firewall name eth0local rule 30 action accept
set firewall name eth0local rule 30 destination group port-group ALOW-PORT
set firewall name eth0local rule 30 source address 212.233.128.0/17

# Bind the rule-set as the LOCAL firewall on eth0 (router-destined traffic).
# NOTE(review): nothing in this rule-set accepts established/related replies
# or ICMP, and the default action is drop (see the implicit rule 10000 below).
# Replies to the router's own outbound connections (DNS, NTP, updates, SSH
# initiated from the box) and diagnostics from non-listed hosts will be dropped
# unless something earlier in INPUT permits them — TODO confirm, and if needed
# add a low-numbered rule with `state established enable` / `state related
# enable` before committing this on a remote box.
# Cosmetic: the group names are spelled "ALOW" (sic); renaming to "ALLOW" would
# require updating every rule that references them.
set interfaces ethernet eth0 firewall local name eth0local

# Resulting configuration tree.
vyatta@core2# show firewall
group {
    address-group ALOW-IP {
        address 213.91.213.195
        address 10.18.5.55
        address 192.168.100.25
    }
    network-group ALOW-NETWORK {
        network 93.155.130.0/24
        network 93.155.131.0/24
        network 93.155.162.0/24
    }
    port-group ALOW-PORT {
        port 22
        port 443
    }
}
name eth0local {
    rule 10 {
        action accept
        source {
            group {
                network-group ALOW-NETWORK
            }
        }
    }
    rule 20 {
        action accept
        source {
            group {
                address-group ALOW-IP
            }
        }
    }
    rule 30 {
        action accept
        destination {
            group {
                port-group ALOW-PORT
            }
        }
        source {
            address 212.233.128.0/17
        }
    }
}
[edit]

# How the rule-set is rendered in netfilter. Each group became an ipset
# (match-set ...); `action accept` is rendered as RETURN to the parent chain,
# and the rule-set's default action appears as the trailing implicit rule
# 10000 (DROP). The 804 dropped packets are everything that matched no rule.
vyatta@core2# sudo su
core2:/home/vyatta# iptables -nvL
Chain eth0local (1 references)
 pkts bytes target     prot opt in     out     source               destination
  458 34638 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* eth0local-10 */ match-set ALOW-NETWORK src
   19  1596 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* eth0local-20 */ match-set ALOW-IP src
   17  2012 RETURN     all  --  *      *       212.233.128.0/17     0.0.0.0/0            /* eth0local-30 */ match-set ALOW-PORT dst
  804 71243 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* eth0local-10000 default-action drop */ |