You also need to apply the firewall rules to an interface, as in

        firewall {
            in {
                name: "inbound"
            }
            local {
                name: "inbound"
            }
        }

In the above case, it's for inbound traffic, and traffic destined for
the router itself.

Also remember that traffic will flow in both directions, unless you
just want to block the inbound traffic from the development network.

Your current rule 4 prevents new connections - as well as everything else ;-)

Looks like your rules 1-3 should have the matching source and
destination networks as rule 4; otherwise, that inbound traffic will
only match rule 4, and not match one of the earlier rules for
permitted traffic.

Best,
Justin

You can do a "show firewall" to see the rules on the system, as well
as enable logging for a rule to see where the traffic is being
dropped.

Justin

On Dec 6, 2007 3:42 PM, Lance Franklin <[EMAIL PROTECTED]> wrote:
> After reading through the Quick Guide to Configuration Statements, I see:
>              state {
>                 established: [enable|disable]
>                 new: [enable|disable]
>                 related: [enable|disable]
>                 invalid: [enable|disable]
>             }
>
> How can I add this to my rule 4 to prevent new connections to the work
> network from the development network?
>
> Would it be:
>
>            rule 4 {
>                description: "10.10.0.0/24"
>                protocol: "all"
>                state {
>                 new: enable
>                }
>                action: "drop"
>                log: "disable"
>                source {
>                    network: "10.20.0.0/24"
>                }
>                destination {
>                    network: "10.10.0.0/24"
>                }
>            }
>
>
>
>
>
>
> _______________________________________________
> Vyatta-users mailing list
> Vyatta-users@mailman.vyatta.com
> http://mailman.vyatta.com/mailman/listinfo/vyatta-users
>
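An added worked example, not taken from the thread or from the Vyatta project: it assembles the rule, state and interface syntax quoted above into one "inbound" ruleset that accepts established/related replies before a later rule drops new connections from the development network, which is the ordering Justin's reply points at. The top-level `firewall { name "inbound" { ... } }` wrapper, the `interfaces { ethernet eth1 { ... } }` block, the interface name eth1, the rule numbers and the description strings are assumptions; the networks, the rule fields and the interface `firewall { in ... local ... }` block are the ones shown in the thread.

```text
firewall {
    name "inbound" {
        description: "dev net 10.20.0.0/24 -> work net 10.10.0.0/24 (example ruleset, assumed wrapper)"

        rule 1 {
            description: "accept replies to connections the work net opened; same src/dst as rule 4 so it matches first"
            protocol: "all"
            state {
                established: enable
                related: enable
            }
            action: "accept"
            log: "disable"
            source {
                network: "10.20.0.0/24"
            }
            destination {
                network: "10.10.0.0/24"
            }
        }

        rule 4 {
            description: "drop new dev -> work connections; log enabled to see what gets dropped"
            protocol: "all"
            state {
                new: enable
            }
            action: "drop"
            log: "enable"
            source {
                network: "10.20.0.0/24"
            }
            destination {
                network: "10.10.0.0/24"
            }
        }
    }
}

interfaces {
    ethernet eth1 {
        description: "development network side (assumed interface name)"
        firewall {
            in {
                name: "inbound"
            }
            local {
                name: "inbound"
            }
        }
    }
}
```

Rules are evaluated in numeric order, so a packet that belongs to a connection the work network started is accepted by rule 1 and never reaches rule 4; only genuinely new dev-to-work connections fall through to the drop. Applying the ruleset only on the interface facing the development network filters the dev-to-work direction and leaves work-to-dev traffic on the other interface untouched, which is the "just block the inbound traffic from the development network" case in the reply. With `log: "enable"` on rule 4, `show firewall` and the system log show which packets the drop rule caught, which is the quickest way to confirm the earlier rules are matching what you expect.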