Nathan,

The keyword is "all" instead of any.

Cheers,

John


----- Original Message -----
From: "Nathan McBride" <[EMAIL PROTECTED]>
To: Vyatta-users@mailman.vyatta.com
Sent: Monday, January 28, 2008 9:12:41 AM (GMT-0800) America/Los_Angeles
Subject: Re: [Vyatta-users] Firewall question.

Also, when I try any it doesn't work...

[EMAIL PROTECTED] commit
[edit]
Commit Failed
invalid protocol "any"
[EMAIL PROTECTED] set firewall name eth0-in rule 1 protocol ANY
[edit]
[EMAIL PROTECTED] commit
[edit]
Commit Failed
invalid protocol "ANY"

What am I doing wrong?
Nate

On Mon, 2008-01-28 at 08:05 -0800, Justin Fletcher wrote:
> You shouldn't need the out rule; until a firewall is applied,
> everything is accepted.
> However, the simple rule is protocol any action accept.  That should
> do it if you want to be thorough :-)
> 
> Justin
> 
> On Jan 28, 2008 7:28 AM, Nathan McBride <[EMAIL PROTECTED]> wrote:
> > Hey guys,
> >
> > I just installed Vyatta and have it working. (big step for me)
> > But I'm having some trouble.  I first wanted to know if I should
> > make the firewall using Vyatta's commands or just iptables?
> > I tried iptables and it didn't seem to work. I added a rule to allow ssh
> > but ssh couldn't go through.  So then I made one in Vyatta.  Denied
> > ping, enabled ssh, then applied it to the wan interface.  Well that
> > killed all network traffic so looking through the manual I saw that when
> > I applied the IN rule for the interface I guess the out rule
> > automatically got a deny everything since I didn't apply a rule to it.
> > So, I needed to add a related and established rule to the in for the wan
> > interface.  I did (this is from memory):
> >
> > set firewall name eth0-in rule 1 action accept
> > set firewall name eth0-in rule 1 state established enable
> > set firewall name eth0-in rule 1 state related enable
> >
> > Then I was going to commit this but commit gave an error saying that
> > protocol needed to be icmp.  Once I had set that it errored saying
> > protocol needed to be tcp...  I'm really confused but I need to get a
> > firewall up.
> >
> > Once this is done I was going to make a rule for out on the wan interface
> > to allow everything to go out.  Is there a simple rule for this?
> >
> > Thanks,
> > Nate
> >
> >
> > _______________________________________________
> > Vyatta-users mailing list
> > Vyatta-users@mailman.vyatta.com
> > http://mailman.vyatta.com/mailman/listinfo/vyatta-users
> >
> >


-- 
John Gong, Systems Engineer
(650) 350-3147
www.vyatta.com
Welcome To the Dawn of Open Source Networking
