does anybody know how to use the access-list on VyOs? I’ve already search examples but I didn’t have luck.
In the other hand I saw examples of using firewall rules instead of access list, I don’t know what to use.

sorry if my question is too easy, I’m new with vyos.

Thanks for your time


I would use firewalls, more flexible.


more flexible but i have a lot of problem for my usage, Vyos after firewall

Firewall <—> VYOS

VYOS ---- VLAN for firewall
|---------- VLAN01
|---------- VLAN02

With Vyos firewall we can’t create rules who match interface, just network and it is very limited

If i want VLAN01 have internet i have to authorize to but VLAN01 will be allowed to access VLAN02 with this rule.

So you will tell me to use the zone policy :smiley: But all my VLAN talk with lot of VLAN then ultimately we must make one firewall for all zones. Hard to manage !

And with this strategy i have problem with Ping and SSH ^^

  • all VLAN can ping other vlan or if i “all-ping disable” noboy can ping her interface.
  • For SSH I just want him to answer to a network source, i configure “listen-address” but the ssh daemon continues to respond on each interface -_-


Just add a deny for VLAN02 networks? Admittedly, gets a little cumbersome of you have many subnets on each VLAN.