1.4 interface-firewall-out-name not working

Zamp · October 21, 2021, 12:23pm

Rolling 1.4 (2021-10-13)
I try to drop ping traffic by the firewall-out rule, but it’s not working. The rule works OK as firewall-local though:
rule 20 {
action drop
description “TEST”
protocol icmp}

Viacheslav · October 21, 2021, 1:02pm

Output is used for FORWARD chain. It is described in our Documentation
If you want to disable ping from the local router you may use Zone-policy firewall

Zamp · October 21, 2021, 2:39pm

Thank you! Can you give me example how use zone-policy ruleset to disable ping from router? My ruleset was like this:
default-action accept
rule 20 {
action drop
description “TEST: hide beacons”
destination {
address 4.2.2.0/30
}
protocol icmp
}

Viacheslav · October 21, 2021, 5:12pm

Zone-policy Zone Policy — VyOS 1.3.x (equuleus) documentation

system · October 23, 2021, 5:12pm

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.