VyOS 常用命令

show configuration commands

root@vyos:/home/vyos# show configuration commands 
# Address group with two internal addresses. No rule in this listing
# references eip-group.
set firewall group address-group eip-group address '10.8.219.183'
set firewall group address-group eip-group address '10.8.219.124'
# Rule set eth0.in: packets that match no rule are rejected.
# NOTE(review): the interface and direction each rule set is bound to are not
# part of this output; the names suggest eth0/eth1 inbound and local - confirm.
set firewall name eth0.in default-action 'reject'
# 4000: accept packets of connections that are already tracked.
set firewall name eth0.in rule 4000 action 'accept'
set firewall name eth0.in rule 4000 state established 'enable'
set firewall name eth0.in rule 4000 state related 'enable'
# 4001: accept all ICMP; no type or source restriction is set.
set firewall name eth0.in rule 4001 action 'accept'
set firewall name eth0.in rule 4001 protocol 'icmp'
# 9999: accept every packet in state new, with no address, protocol or port
# match. Combined with rule 4000 this admits any new connection through this
# rule set, so the default reject only reaches packets that none of the rules
# match (for example invalid state). If the rule set is meant to filter, this
# rule should be narrowed to the intended sources and services.
set firewall name eth0.in rule 9999 action 'accept'
set firewall name eth0.in rule 9999 state new 'enable'
# Rule set eth0.local: default reject; every rule below matches only
# destination 192.168.8.204.
set firewall name eth0.local default-action 'reject'
# 1: accept established/related traffic to 192.168.8.204.
set firewall name eth0.local rule 1 action 'accept'
set firewall name eth0.local rule 1 destination address '192.168.8.204'
set firewall name eth0.local rule 1 state established 'enable'
set firewall name eth0.local rule 1 state related 'enable'
# 2: accept ICMP to 192.168.8.204.
set firewall name eth0.local rule 2 action 'accept'
set firewall name eth0.local rule 2 destination address '192.168.8.204'
set firewall name eth0.local rule 2 protocol 'icmp'
# 3: accept TCP port 22 to 192.168.8.204. No source match is set, so any
# source that can reach this address is accepted; a source address or
# address-group match would limit it to the management network.
set firewall name eth0.local rule 3 action 'accept'
set firewall name eth0.local rule 3 destination address '192.168.8.204'
set firewall name eth0.local rule 3 destination port '22'
set firewall name eth0.local rule 3 protocol 'tcp'
# 4: accept TCP port 7272 to 192.168.8.204, described as the management port.
# Like rule 3 it has no source restriction.
set firewall name eth0.local rule 4 action 'accept'
set firewall name eth0.local rule 4 description 'management-port-rule'
set firewall name eth0.local rule 4 destination address '192.168.8.204'
set firewall name eth0.local rule 4 destination port '7272'
set firewall name eth0.local rule 4 protocol 'tcp'
# Rule set eth1.in: default reject.
set firewall name eth1.in default-action 'reject'
# 1: accept new, established and related traffic from the source given below;
# the description labels it as an IPSEC rule. The source is written with host
# bits set (10.0.161.1/24); presumably it is matched as the 10.0.161.0/24
# network - confirm.
set firewall name eth1.in rule 1 action 'accept'
set firewall name eth1.in rule 1 description 'IPSEC-c23238c420114233b207ddfffdee4bbb-10.0.161.1/24'
set firewall name eth1.in rule 1 source address '10.0.161.1/24'
set firewall name eth1.in rule 1 state established 'enable'
set firewall name eth1.in rule 1 state new 'enable'
set firewall name eth1.in rule 1 state related 'enable'
# 4000: accept packets of connections that are already tracked.
set firewall name eth1.in rule 4000 action 'accept'
set firewall name eth1.in rule 4000 state established 'enable'
set firewall name eth1.in rule 4000 state related 'enable'
# 4001: accept all ICMP; no type or source restriction is set.
set firewall name eth1.in rule 4001 action 'accept'
set firewall name eth1.in rule 4001 protocol 'icmp'
# 4002: accept TCP port 22 to 10.8.219.196 from any source. The description
# (PF-...) and the DST-NAT-1 rule in the iptables-save output on this page
# indicate this is the filter side of a port forward from 172.24.239.90:333.
# SSH on the internal host is therefore reachable by anyone who can reach
# that forwarded port; the non-standard port is not an access control.
set firewall name eth1.in rule 4002 action 'accept'
set firewall name eth1.in rule 4002 description 'PF-172.24.239.90-333-333-fa:fb:f3:01:0d:03-22-22-TCP'
set firewall name eth1.in rule 4002 destination address '10.8.219.196'
set firewall name eth1.in rule 4002 destination port '22'
set firewall name eth1.in rule 4002 protocol 'tcp'

show configuration (the output below is truncated: it stops inside the firewall section, before eth1.in)

root@vyos:/home/vyos# show configuration 
firewall {
    group {
        address-group eip-group {
            address 10.8.219.183
            address 10.8.219.124
        }
    }
    name eth0.in {
        default-action reject
        rule 4000 {
            action accept
            state {
                established enable
                related enable
            }
        }
        rule 4001 {
            action accept
            protocol icmp
        }
        rule 9999 {
            action accept
            state {
                new enable
            }
        }
    }
    name eth0.local {
        default-action reject
        rule 1 {
            action accept
            destination {
                address 192.168.8.204
            }
            state {
                established enable
                related enable
            }
        }
        rule 2 {
            action accept
            destination {
                address 192.168.8.204
            }
            protocol icmp
        }
        rule 3 {
            action accept
            destination {
                address 192.168.8.204
                port 22
            }
            protocol tcp
        }
        rule 4 {
            action accept
            description management-port-rule
            destination {
                address 192.168.8.204
                port 7272
            }
            protocol tcp
        }
    }

iptables-save

root@vyos:/home/vyos# iptables-save 
# Generated by iptables-save v1.4.12.2 on Tue Apr 14 15:57:24 2020
# NOTE(review): only the mangle and nat tables appear in this output. The
# filter table, where accept/reject decisions are enforced, is not shown, so
# the NAT rules below say what is translated, not what is actually allowed.
*mangle
:PREROUTING ACCEPT [271509:73740344]
:INPUT ACCEPT [166463:67078153]
:FORWARD ACCEPT [564:61708]
:OUTPUT ACCEPT [87246:12820229]
:POSTROUTING ACCEPT [87810:12881937]
# Copy the connection mark onto the packet, then accept in this chain any
# packet whose mark is non-zero.
-A PREROUTING -m comment --comment Zs-Pr-Default-Rules -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
-A PREROUTING -m comment --comment Zs-Pr-Default-Rules -m mark ! --mark 0x0 -j ACCEPT
COMMIT
# Completed on Tue Apr 14 15:57:24 2020
# Generated by iptables-save v1.4.12.2 on Tue Apr 14 15:57:24 2020
*nat
:PREROUTING ACCEPT [27169:4283670]
:INPUT ACCEPT [179:11602]
:OUTPUT ACCEPT [9269:558287]
:POSTROUTING ACCEPT [3121:189407]
:VYATTA_PRE_DNAT_HOOK - [0:0]
:VYATTA_PRE_SNAT_HOOK - [0:0]
-A PREROUTING -j VYATTA_PRE_DNAT_HOOK
# DST-NAT-1 and DST-NAT-2: port forwards of TCP 333 and TCP 44 to port 22 on
# internal hosts. The non-standard outside ports do not restrict who can
# connect; that depends on the filter rules and on the SSH configuration of
# the targets.
-A PREROUTING -d 172.24.239.90/32 -p tcp -m tcp --dport 333 -m comment --comment DST-NAT-1 -j DNAT --to-destination 10.8.219.196:22
-A PREROUTING -d 172.31.6.12/32 -p tcp -m tcp --dport 44 -m comment --comment DST-NAT-2 -j DNAT --to-destination 10.8.219.183:22
# DST-NAT-3 and DST-NAT-4: no protocol or port match, so all traffic to these
# two addresses is translated to one internal host each (the same two
# addresses listed in eip-group earlier on this page). Every service on those
# hosts is exposed unless the filter table limits it.
-A PREROUTING -d 172.24.239.91/32 -m comment --comment DST-NAT-3 -j DNAT --to-destination 10.8.219.183
-A PREROUTING -d 172.31.6.13/32 -m comment --comment DST-NAT-4 -j DNAT --to-destination 10.8.219.124
-A POSTROUTING -j VYATTA_PRE_SNAT_HOOK
# SRC-NAT-1: RETURN leaves the chain before any SNAT rule, so traffic from
# 10.8.219.0/24 to 10.0.161.0/24 leaving eth1 keeps its source address.
# 10.0.161.x/24 is the subnet of the IPSEC firewall rule shown earlier.
-A POSTROUTING -s 10.8.219.0/24 -d 10.0.161.0/24 -o eth1 -m comment --comment SRC-NAT-1 -j RETURN
# SRC-NAT-1024 and SRC-NAT-1025: outbound counterparts of DST-NAT-3 and
# DST-NAT-4, giving each internal host its own outside address on eth1.
-A POSTROUTING -s 10.8.219.183/32 -o eth1 -m comment --comment SRC-NAT-1024 -j SNAT --to-source 172.24.239.91
-A POSTROUTING -s 10.8.219.124/32 -o eth1 -m comment --comment SRC-NAT-1025 -j SNAT --to-source 172.31.6.13
# SRC-NAT-9992 and SRC-NAT-9993: remaining traffic from 10.8.219.0/24, except
# to 224.0.0.0/8, is source-translated to 172.24.239.100 on eth3 and eth1.
-A POSTROUTING -s 10.8.219.0/24 ! -d 224.0.0.0/8 -o eth3 -m comment --comment SRC-NAT-9992 -j SNAT --to-source 172.24.239.100
-A POSTROUTING -s 10.8.219.0/24 ! -d 224.0.0.0/8 -o eth1 -m comment --comment SRC-NAT-9993 -j SNAT --to-source 172.24.239.100
# Both hook chains contain only a RETURN.
-A VYATTA_PRE_DNAT_HOOK -j RETURN
-A VYATTA_PRE_SNAT_HOOK -j RETURN
COMMIT