We had someone configure Vyatta for us as a firewall. I can see the definition for the firewall rules in the config but I cannot see where they are actually being applied. I think they need to be applied to either the bond1 or the eth1 (external) interface?
E.g. firewall rule:

    firewall {
        name SERVICE-ALLOW {
            rule 15 {
                action accept
                destination {
                    address 10.66.60.41
                    port 2525,443,80
                }
                protocol tcp
            }
        }
    }

Interface config (eth1):

    ethernet eth1 {
        bond-group bond1
        hw-id 00:25:90:74:ab:87
        speed auto
    }

And the bonding interface:

    bonding bond1 {
        address 119.x.y.z/29
        address 2401:xxx:yyy:zzz:0000:0000:0000:0003/64
        hash-policy layer3+4
        mode 802.3ad
        vif 2148 {
            address 119.xx.yy.zz/29
            address 119.xx.yy.zz/29
            address 119.xx.yy.zz/29
            address 119.xx.yy.zz/29
        }
    }

I think what I need to do is something like this to actually apply the rules:

    set interfaces ethernet eth1 firewall in name SERVICE-ALLOW

Can someone with some experience in Vyatta please confirm this for me?
And also confirm if they should be applied to bond1 or eth1?
Many thanks in anticipation,
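
One way to check where a rule-set is applied, as an added example that is not part of the original post: the script parses the brace-style config and lists rule-sets that are defined under the top-level firewall block but never referenced from a nested firewall node (an interface's in/out/local direction, or a zone-policy). The sample config is constructed, and WAN-LOCAL is a hypothetical rule-set name.

```python
def parse(text):  # brace-delimited config -> nested [(key, children or None)]
    stack = [[]]
    for line in map(str.strip, text.splitlines()):
        if line.endswith("{"):
            stack[-1].append((line[:-1].strip(), []))
            stack.append(stack[-1][-1][1])
        elif line == "}":
            stack[1:] = stack[1:-1]  # pop one level, but never the root
        elif line:
            stack[-1].append((line, None))
    return stack[0]  # a truncated excerpt (missing closing braces) still parses

def walk(tree, path=()):
    """Yield (path, rule-set, is_leaf) for every 'name X' / 'ipv6-name X' node."""
    for key, kids in tree:
        word, _, name = key.partition(" ")
        if word in ("name", "ipv6-name"):
            yield path, name, kids is None
        yield from walk(kids or [], path + (key,))

def audit(text):
    """Return (rule-sets defined but never applied, {rule-set: [paths applied]})."""
    defined, applied = set(), {}
    for path, name, leaf in walk(parse(text)):
        if not leaf and path == ("firewall",):    # definition block
            defined.add(name)
        elif leaf and "firewall" in path[1:]:     # reference under a nested firewall node
            applied.setdefault(name, []).append(" ".join(path))
    return sorted(defined - set(applied)), applied

# Constructed sample: SERVICE-ALLOW as in the post, WAN-LOCAL is hypothetical.
SAMPLE = """
firewall {
    name SERVICE-ALLOW {
        default-action drop
    }
    name WAN-LOCAL {
        default-action drop
    }
}
interfaces {
    bonding bond1 {
        firewall {
            local {
                name WAN-LOCAL
            }
        }
    }
}
"""
```

Calling `audit()` on the full text of the saved configuration returns the unapplied rule-sets first, then a map of each applied rule-set to the config paths that reference it.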