From c385eb2e34c0c79bdc8ea02ac654b2a4fa39f13d Mon Sep 17 00:00:00 2001
From: lavado <glavado@whitestack.com>
Date: Sun, 31 May 2020 23:32:25 +0200
Subject: [PATCH] Update README.md for VyOS configuration

---
 magma/README.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/magma/README.md b/magma/README.md
index b173469f..af10e079 100644
--- a/magma/README.md
+++ b/magma/README.md
@@ -65,6 +65,19 @@ Finally, a Day-2 primitive must be executed against the PNF (VyOS) to allow traf
 
 With this, the UE machine will have access to Internet through the AGW and then the VyOS PNF.
 
+This works because the VyOS Router is pre-configured to deny all traffic unless explicitely added to a MAGMA_AGW group:
+
+```
+set firewall group network-group MAGMA_AGW network 192.168.239.10 # this rule is added by the primitive
+
+set firewall name MAGMA_FW default-action drop
+set firewall name MAGMA_FW rule 10 action accept
+set firewall name MAGMA_FW rule 10 source group network-group MAGMA_AGW
+
+set interfaces ethernet eth1 firewall in name MAGMA_FW
+```
+
+
 ## Additional tests
 
 ### Web Proxy service
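Review bot: The added sentence says the router denies "all traffic", but the snippet binds MAGMA_FW only with `set interfaces ethernet eth1 firewall in name MAGMA_FW`. The default-action drop therefore covers only packets entering eth1. Suggest wording it as "drops traffic arriving on eth1 unless its source is in the MAGMA_AGW network group", so readers do not assume the other interfaces are filtered too. In the group line, `network 192.168.239.10` has no prefix length, while a VyOS network-group entry is a CIDR network. Please show the exact value the primitive sets (for example with a /32), or use an address-group if a single host is meant. The trailing `# this rule is added by the primitive` sits on the same line as the command, so it would be safer as a sentence above the block for anyone who copies the line into a config session. Two small nits: "explicitely" should be "explicitly", and one of the two blank lines added before "## Additional tests" can go.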
-- 
GitLab