m (→Firewall: Added firewall command) |
m (→Firewall: Added firewall example) |
Line 41: | Line 41: | ||
=== Firewall === | === Firewall === | ||
If an interface has no firewall config, then it passes all traffic. Once any firewall config is applied then that interface acts as a firewall. | If an interface has no firewall config, then it passes all traffic. Once any firewall config is applied then that interface acts as a firewall. | ||
{| cellpadding="4" cellspacing="0" border="1" | |||
|- | |||
! Command !! Description | |||
|- | |||
| <code>delete firewall name home_in rule 5</code> || Delete firewall rule no 5 | |||
|} | |||
<pre> | <pre> | ||
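Review bot: The description in the new table row, "Delete firewall rule no 5", does not say which rule set is affected, although the command names it (home_in). Suggest "Delete rule 5 from the firewall rule set home_in". It is also worth saying what rule 5 is in the example further down (the ICMP ACCEPT rule), so that a reader who copies the command knows what they are removing from a rule set that ends in a DROP-all rule.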
Line 65: | Line 73: | ||
</pre> | </pre> | ||
'''The firewall filters in both directions, in and out of the interface. Traffic has to be configured in both directions to work!''' Therefore its necessary to config as shown... | |||
<pre> | |||
vyatta@vyatta:~$ show firewall home_in | |||
Active on (eth0,OUT) | |||
State Codes: E - Established, I - Invalid, N - New, R - Related | |||
rule action source destination proto state | |||
---- ------ ------ ----------- ----- ----- | |||
5 ACCEPT 0.0.0.0/0 0.0.0.0/0 icmp any | |||
10 ACCEPT 0.0.0.0/0 88.221.188.7 tcp any | |||
dst ports: 443 | |||
11 ACCEPT 0.0.0.0/0 92.123.36.7 tcp any | |||
dst ports: 443 | |||
1025 DROP 0.0.0.0/0 0.0.0.0/0 all any | |||
vyatta@vyatta:~$ show firewall home_out | |||
Active on (eth0,IN) | |||
State Codes: E - Established, I - Invalid, N - New, R - Related | |||
rule action source destination proto state | |||
---- ------ ------ ----------- ----- ----- | |||
5 ACCEPT 0.0.0.0/0 0.0.0.0/0 icmp any | |||
110 ACCEPT 88.221.188.7/32 0.0.0.0/0 tcp any | |||
src ports: 443 | |||
111 ACCEPT 92.123.36.7 0.0.0.0/0 tcp any | |||
src ports: 443 | |||
1025 DROP 0.0.0.0/0 0.0.0.0/0 all any | |||
</pre> |
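Review bot: The return-direction rules 110 and 111 in home_out match only on source address and "src ports: 443" with state "any", so they accept any TCP packet from those two hosts with source port 443, not just replies to connections opened through rules 10 and 11. The State Codes legend in the same output lists Established and Related, so the example should either match on those states for return traffic or say explicitly that it is stateless and why. Two smaller points: home_in is shown as "Active on (eth0,OUT)" and home_out as "Active on (eth0,IN)", so the rule set names read as the opposite of the direction they are bound to and the text should explain or rename them; and rule 110 is shown with a /32 while rule 111 is not, which should be made consistent. In the added sentence, "its necessary to config as shown..." should read "it is necessary to configure both directions, as shown:".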