ACCESS LIST - FIREWALL RULES

anrovere · June 10, 2015, 10:22pm

does anybody know how to use the access-list on VyOs? I’ve already search examples but I didn’t have luck.
In the other hand I saw examples of using firewall rules instead of access list, I don’t know what to use.

sorry if my question is too easy, I’m new with vyos.

Thanks for your time

microlinux · June 10, 2015, 11:04pm

I would use firewalls, more flexible.

ledistordu · June 29, 2015, 8:51am

more flexible but i have a lot of problem for my usage, Vyos after firewall

Firewall <—> VYOS

VYOS ---- VLAN for firewall
|---------- VLAN01
|---------- VLAN02
…

With Vyos firewall we can’t create rules who match interface, just network and it is very limited

If i want VLAN01 have internet i have to authorize to 0.0.0.0/0 but VLAN01 will be allowed to access VLAN02 with this rule.

So you will tell me to use the zone policy But all my VLAN talk with lot of VLAN then ultimately we must make one firewall for all zones. Hard to manage !

And with this strategy i have problem with Ping and SSH ^^

all VLAN can ping other vlan or if i “all-ping disable” noboy can ping her interface.
For SSH I just want him to answer to a network source, i configure “listen-address” but the ssh daemon continues to respond on each interface -_-

microlinux · June 30, 2015, 12:04am

Just add a deny for VLAN02 networks? Admittedly, gets a little cumbersome of you have many subnets on each VLAN.