Are my firewall rules being applied?


#1

We had someone configure Vyatta for us as a firewall. I can see the definition for the firewall rules in the config but I cannot see where they are actually being applied. I think they need to be applied to either the bond1 or the eth1 (external) interface?

E.g. firewall rule:

firewall {
    name SERVICE-ALLOW {
        rule 15 {
            action accept
            destination {
                address 10.66.60.41
                port 2525,443,80
            }
            protocol tcp
        }
    }
}

Interface config: (eth1)

    ethernet eth1 {
        bond-group bond1
        hw-id 00:25:90:74:ab:87
        speed auto
    }

And the bonding interface:

    bonding bond1 {
        address 119.x.y.z/29
        address 2401:xxx:yyy:zzz:0000:0000:0000:0003/64
        hash-policy layer3+4
        mode 802.3ad
        vif 2148 {
            address 119.xx.yy.zz/29
            address 119.xx.yy.zz/29
            address 119.xx.yy.zz/29
            address 119.xx.yy.zz/29
        }
    }

I think what I need to do is something like this to actually apply the rules:

set interfaces ethernet eth1 firewall in name SERVICE-ALLOW

Can someone with some experience in vyatta please confirm this for me?

And also confirm if they should be applied to bond1 or eth1?

Many thanks in anticipation,


#2

Yes, you're right: the firewall instance must be applied to the interface to be effective.

Logically it should be applied to interface bond1, but I recommend you test the result.
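A way to answer the question in the title from the config itself, as an added example that is not code from either post. Once a ruleset is attached (for bond1, the answer implies `set interfaces bonding bond1 firewall in name SERVICE-ALLOW`), the `show configuration` output carries a `firewall { in { name SERVICE-ALLOW } }` stanza under that interface; a ruleset that only appears under the top-level `firewall { name ... }` block filters nothing. The script below parses the brace-style config text and reports rulesets that are defined but attached to no interface (or vif). The parser, the function names and the two sample configs are constructed for this example; the sample uses RFC 5737 documentation addresses in place of the masked ones in the question.

```python
"""Added example (not from the thread): list Vyatta/VyOS firewall rulesets that
are defined but attached to no interface, from `show configuration` text."""
from collections import defaultdict

DIRECTIONS = ("in", "out", "local")      # attachment points on an interface
RULESET_LEAVES = ("name", "ipv6-name")   # leaves that reference a ruleset


def parse_config(text):
    """Parse brace-style config into nested dicts: "bonding bond1 {" opens a
    child dict under that key; a leaf like "address 10.0.0.1/24" is appended
    to a list under its first word, so repeated leaves are all kept."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("/*"):
            continue                     # blank line or comment
        if line == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced closing brace")
            stack.pop()
        elif line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        else:
            parts = line.split(None, 1)
            stack[-1].setdefault(parts[0], []).append(parts[1] if len(parts) > 1 else "")
    if len(stack) != 1:
        raise ValueError("unbalanced opening brace")
    return root


def defined_rulesets(config):
    """Ruleset names declared under the top-level firewall { name X { ... } }."""
    names = set()
    for key, child in config.get("firewall", {}).items():
        kind, _, name = key.partition(" ")
        if isinstance(child, dict) and kind in RULESET_LEAVES:
            names.add(name)
    return names


def applied_rulesets(config):
    """Map each attached ruleset to the 'interface direction' places it is
    applied; walks vifs too, giving e.g. 'bonding bond1 vif 2148 in'."""
    refs = defaultdict(list)

    def walk(node, path):
        for key, child in node.items():
            if not isinstance(child, dict):
                continue
            if key != "firewall":
                walk(child, path + [key])
                continue
            for direction, stanza in child.items():
                if direction in DIRECTIONS and isinstance(stanza, dict):
                    for leaf in RULESET_LEAVES:
                        for name in stanza.get(leaf, []):
                            refs[name].append(" ".join(path + [direction]))

    walk(config.get("interfaces", {}), [])
    return dict(refs)


def unapplied_rulesets(config_text):
    """Rulesets that exist but filter nothing because no interface uses them."""
    config = parse_config(config_text)
    return sorted(defined_rulesets(config) - set(applied_rulesets(config)))


# Constructed sample mirroring the question (addresses from the RFC 5737 range):
# the ruleset is defined, bond1 carries the addresses, eth1 is a bond member.
UNAPPLIED_CONFIG = """\
firewall {
    name SERVICE-ALLOW {
        rule 15 {
            action accept
            protocol tcp
        }
    }
}
interfaces {
    bonding bond1 {
        address 203.0.113.2/29
        mode 802.3ad
        vif 2148 {
            address 203.0.113.10/29
        }
    }
    ethernet eth1 {
        bond-group bond1
    }
}
"""

# Same config after: set interfaces bonding bond1 firewall in name SERVICE-ALLOW
ATTACH_STANZA = "        firewall {\n            in {\n                name SERVICE-ALLOW\n            }\n        }\n"
APPLIED_CONFIG = UNAPPLIED_CONFIG.replace("        mode 802.3ad\n",
                                          "        mode 802.3ad\n" + ATTACH_STANZA)
```

To use it on a real box, save the output of `show configuration` to a file and pass its contents to `unapplied_rulesets()`; on the question's config it returns `['SERVICE-ALLOW']`, and after the attachment it returns an empty list while `applied_rulesets()` shows `bonding bond1 in`. The walk descends into vifs, so a ruleset attached only on `vif 2148` is reported under `bonding bond1 vif 2148`, which matters here because the public addresses sit on both bond1 and its vif and each is a separate attachment point.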