ACCESS LIST - FIREWALL RULES


#1

Does anybody know how to use the access-list on VyOS? I've already searched for examples but I didn't have any luck.
On the other hand, I saw examples using firewall rules instead of access lists, and I don't know which to use.

Sorry if my question is too easy, I'm new to VyOS.

Thanks for your time


#2

I would use firewalls; they're more flexible.


#3

More flexible, but I have a lot of problems for my use case: VyOS sits behind a firewall.

Firewall <—> VYOS

VYOS ---- VLAN for firewall
|---------- VLAN01
|---------- VLAN02

With the VyOS firewall we can't create rules that match on interface, just on network, and it is very limited.

If I want VLAN01 to have internet I have to allow 0.0.0.0/0, but VLAN01 will also be allowed to access VLAN02 with this rule.

So you will tell me to use the zone policy :smiley: But all my VLANs talk with lots of VLANs, so ultimately we must make one firewall for all zones. Hard to manage!

And with this strategy I have problems with ping and SSH ^^

  • All VLANs can ping other VLANs, or if I set “all-ping disable” nobody can ping their interface.
  • For SSH I just want it to answer to one source network; I configured “listen-address” but the SSH daemon continues to respond on every interface -_-

#4

Just add a deny for the VLAN02 networks? Admittedly, it gets a little cumbersome if you have many subnets on each VLAN.
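One way to implement the suggestion in #4 (deny the VLAN02 prefix ahead of the allow-everything rule) together with the SSH point from #3, as an added example that is not from anyone in the thread. It assumes the VyOS 1.3-style CLI (`set firewall name ...`; VyOS 1.4 moved these commands under `set firewall ipv4 ...`), and the addresses and interface names are constructed: VLAN01 = 10.0.1.0/24 on eth0 vif 1, VLAN02 = 10.0.2.0/24 on eth0 vif 2.

```vyos
# Added example, not from the thread. Assumes VyOS 1.3-style syntax; VLAN
# prefixes and interface names are constructed placeholders.
configure

# Ruleset for traffic arriving from VLAN01 and being forwarded through VyOS.
# Rules are evaluated in ascending number order and the first match wins, so
# the deny for VLAN02 must carry a lower number than the allow-everything rule.
set firewall name VLAN01-IN default-action drop
set firewall name VLAN01-IN rule 10 action drop
set firewall name VLAN01-IN rule 10 description 'block VLAN01 -> VLAN02'
set firewall name VLAN01-IN rule 10 destination address 10.0.2.0/24
set firewall name VLAN01-IN rule 20 action accept
set firewall name VLAN01-IN rule 20 description 'everything else, i.e. internet'
set firewall name VLAN01-IN rule 20 destination address 0.0.0.0/0

# Bind the ruleset to the VLAN01 sub-interface in the "in" (forwarded) direction.
set interfaces ethernet eth0 vif 1 firewall in name VLAN01-IN

# Traffic addressed to the router itself (ping, SSH) goes through the "local"
# hook, not "in". This ruleset answers ping from anywhere but only accepts
# SSH from the VLAN01 prefix, regardless of which interface it arrives on.
set firewall name ROUTER-LOCAL default-action drop
set firewall name ROUTER-LOCAL rule 10 action accept
set firewall name ROUTER-LOCAL rule 10 description 'allow ping to the router'
set firewall name ROUTER-LOCAL rule 10 protocol icmp
set firewall name ROUTER-LOCAL rule 20 action accept
set firewall name ROUTER-LOCAL rule 20 description 'SSH only from VLAN01'
set firewall name ROUTER-LOCAL rule 20 protocol tcp
set firewall name ROUTER-LOCAL rule 20 destination port 22
set firewall name ROUTER-LOCAL rule 20 source address 10.0.1.0/24
set interfaces ethernet eth0 vif 1 firewall local name ROUTER-LOCAL
set interfaces ethernet eth0 vif 2 firewall local name ROUTER-LOCAL

commit
save
```

Because ROUTER-LOCAL ends in `default-action drop`, any other service the router provides to those VLANs (DHCP, DNS forwarding, and so on) needs its own accept rule before committing, otherwise those clients lose it. The same pattern scales to more VLANs by adding one numbered drop rule per prefix that must not be reachable, which is the "cumbersome with many subnets" cost #4 mentions.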