firewall in an output mirror interface


#1

Hello,
Does anyone know if the firewall works in an output mirror interface? I have set some rules to drop TCP in eth10 and eth11, which are mirror interfaces, but the firewall rules don’t work and TCP packets are not dropped.

vyos@vyos# show firewall name mirror-dest
rule 2 {
    action drop
    protocol tcp
}

[edit]
vyos@vyos# show firewall name mirror-orig
rule 1 {
    action drop
    protocol tcp
}

[edit]

vyos@vyos# show interfaces ethernet eth11
address 10.51.241.21/28
duplex auto
firewall {
    in {
        name mirror-orig
    }
    out {
        name mirror-orig
    }
}

vyos@vyos# show interfaces ethernet eth10
address 10.51.241.5/28
duplex auto
firewall {
    in {
        name mirror-dest
    }
    out {
        name mirror-dest
    }
}

Thanks and BR/
Cristina