Access List Policy
Filtering is used for both input and output of the routing information. Once filtering is defined, it can be applied in any direction. VyOS makes filtering possible using acls and prefix lists.
Basic filtering can be done using access-list and access-list6.
Configuration
Access Lists
This command creates the new access list policy, where <acl_number> must be a number from 1 to 2699.
This command creates a new rule in the access list and defines an action.
This command defines matching parameters for access list rule. Matching criteria could be applied to destination or source parameters:
any: any IP address to match.
host: single host IP address to match.
inverse-match: network/netmask to match (requires network be defined).
network: network/netmask to match (requires inverse-match be defined).
IPv6 Access List
Basic filtering could also be applied to IPv6 traffic.
This command creates a new rule in the IPv6 access list and defines an action.
This command defines matching parameters for IPv6 access list rule. Matching criteria could be applied to source parameters:
any: any IPv6 address to match.
exact-match: exact match of the network prefixes.
network: network/netmask to match (requires inverse-match be defined) BUG, NO invert-match option in access-list6