Hi zscd, I changed default-action to accept, like below:
show firewall name blockbgp
Rulesets Information
IPv4 Firewall "blockbgp":
Active on (bond1,LOCAL) (bond1.100,LOCAL) (eth4,LOCAL) (eth8,LOCAL)
rule    action   proto     packets   bytes
1       drop     tcp_udp   0         0
  condition - saddr 0.0.0.0/0 daddr 0.0.0.0/0 tcp spt:179
2       drop     tcp_udp   0         0
  condition - saddr 0.0.0.0/0 daddr 0.0.0.0/0 tcp dpt:179
10000   accept   all       0         0
  condition - saddr 0.0.0.0/0 daddr 0.0.0.0/0
name blockbgp {
    default-action accept
    rule 1 {
        action drop
        protocol tcp_udp
        source {
            port 179
        }
    }
    rule 2 {
        action drop
        destination {
            port 179
        }
        protocol tcp_udp
    }
}
But it is not working yet. Maybe it is something about the local scope, right?
Look at the interfaces:
bonding bond1 {
    description "LACP Customers 20Gbps"
    firewall {
        local {
            name blockbgp
        }
    }
    hash-policy layer2
On the bond1 interface I have the customers' VIFs.
ethernet eth4 {
    bond-group bond1
    description "New 10Gbps BGP LAN /29 Vyatta@20Gbps"
    duplex auto
    firewall {
        local {
            name blockbgp
        }
    }
ethernet eth8 {
    bond-group bond1
    description "New 10Gbps BGP LAN /29 Vyatta@20Gbps"
    duplex auto
    firewall {
        local {
            name blockbgp
        }
    }
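An added example, not the poster's configuration and not from anyone else in this thread, to make the scope question concrete. In Vyatta/VyOS a ruleset attached under `firewall local` is only evaluated for packets addressed to the router itself, which is what the `LOCAL` entries in the `Active on` line above record; packets that merely transit the router (arriving on a customer VIF and being forwarded elsewhere) are matched by the `in` hook, and packets leaving via the interface by `out`. The fragment below attaches the same `blockbgp` ruleset under both hooks on the customer VIF; the interface name `bond1` and VIF `100` are taken from the `Active on` output, the assumption that customer traffic is forwarded rather than terminated on the router is mine.

```text
interfaces {
    bonding bond1 {
        vif 100 {
            firewall {
                in {
                    name blockbgp
                }
                local {
                    name blockbgp
                }
            }
        }
    }
}
```

With the `in` hook added and committed, `show firewall name blockbgp` should list the VIF under both scopes, e.g. `(bond1.100,IN)` alongside `(bond1.100,LOCAL)`, and the rule 1 and rule 2 counters will start moving only for the scope the port-179 traffic actually passes through. Zero counters under `LOCAL` alone are consistent with BGP sessions that are not terminated on the router, so checking which scope the counters increment in is a quick way to confirm where the traffic is really going before changing the rules themselves.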