Firewall groups

Vyatta supports groups of IP addresses, subnets or ports for use in firewall rules. Currently groups are supported for IPv4 only.

Here is an example:

    vyatta@vDUT# show firewall group
    {
        address-group servers {
            address 1.1.1.1-1.1.1.5
            address 1.1.1.7
            address 3.3.3.3
            description "My set of blocked servers"
        }
        network-group good-nets {
            description "nets to allows"
            network 15.0.0.0/24
        }
        port-group bad-ports {
            description "list of ports to block"
            port 22
            port 23
            port ftp
            port 1000-2000
        }
    }

After your groups are created, you can use them in firewall rules, like this:

    name FW1 {
        rule 10 {
            action reject
            destination {
                group {
                    address-group servers
                    port-group bad-ports
                }
            }
            source {
                group {
                    network-group good-nets
                }
            }
        }
    }
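To review which flows rule 10 of FW1 actually rejects, the group matching can be modelled offline. This Python sketch is an added example, not Vyatta code or part of the original page; the function names are hypothetical, and it assumes that all criteria in a rule must match together and that the service name `ftp` resolves to port 21.

```python
import ipaddress

# Group definitions copied from the configuration above.
ADDRESS_GROUPS = {"servers": ["1.1.1.1-1.1.1.5", "1.1.1.7", "3.3.3.3"]}
NETWORK_GROUPS = {"good-nets": ["15.0.0.0/24"]}
PORT_GROUPS = {"bad-ports": ["22", "23", "ftp", "1000-2000"]}

# Assumption: service names resolve to their well-known ports (ftp = 21).
SERVICE_PORTS = {"ftp": 21}


def in_address_group(name, ip):
    """True if ip equals a single member or lies inside a lo-hi range member."""
    addr = ipaddress.ip_address(ip)
    for member in ADDRESS_GROUPS[name]:
        lo, _, hi = member.partition("-")
        if ipaddress.ip_address(lo) <= addr <= ipaddress.ip_address(hi or lo):
            return True
    return False


def in_network_group(name, ip):
    """True if ip belongs to any subnet in the network group."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in NETWORK_GROUPS[name])


def in_port_group(name, port):
    """True if port equals a member (number or service name) or lies in a range."""
    for member in PORT_GROUPS[name]:
        lo, _, hi = member.partition("-")
        lo = SERVICE_PORTS.get(lo, lo)
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def fw1_rule10_rejects(src, dst, dport):
    """Rule 10 applies only when source and both destination groups all match."""
    return (in_network_group("good-nets", src)
            and in_address_group("servers", dst)
            and in_port_group("bad-ports", dport))


if __name__ == "__main__":
    # Constructed sample flows: (source, destination, destination port).
    for flow in [("15.0.0.9", "1.1.1.3", 22), ("15.0.0.9", "1.1.1.6", 22),
                 ("15.0.1.9", "3.3.3.3", 1500)]:
        print(flow, "reject" if fw1_rule10_rejects(*flow) else "no match")
```

Note that 1.1.1.6 is not in the `servers` group: the range ends at 1.1.1.5 and 1.1.1.7 is listed separately, so traffic to 1.1.1.6 falls through rule 10.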

Category: Firewall