more flexible, but I have a lot of problems for my usage, VyOS after firewall
Firewall <—> VYOS
VYOS ---- VLAN for firewall
With the VyOS firewall we can’t create rules that match an interface, just a network, and it is very limited.
If I want VLAN01 to have internet I have to authorize to 0.0.0.0/0, but VLAN01 will be allowed to access VLAN02 with this rule.
So you will tell me to use the zone policy. But all my VLANs talk with a lot of VLANs, so ultimately we must make one firewall for all zones. Hard to manage!
And with this strategy I have problems with ping and SSH ^^
- All VLANs can ping other VLANs, or if I “all-ping disable” nobody can ping their interface.
- For SSH I just want it to answer to one source network; I configured “listen-address” but the SSH daemon continues to respond on each interface -_-