Does anybody know how to use the access-list on VyOS? I've already searched for examples but I didn't have any luck.
On the other hand, I saw examples of using firewall rules instead of access lists; I don't know which to use.
Sorry if my question is too easy, I'm new to VyOS.
Thanks for your time
I would use firewalls; more flexible.
More flexible, but I have a lot of problems for my usage, with VyOS after the firewall:
Firewall <—> VYOS
VYOS ---- VLAN for firewall
|---------- VLAN01
|---------- VLAN02
…
With the VyOS firewall we can't create rules that match an interface, just a network, and it is very limited.
If I want VLAN01 to have internet I have to authorize 0.0.0.0/0, but with this rule VLAN01 will also be allowed to access VLAN02.
So you will tell me to use the zone policy.
But all my VLANs talk with lots of other VLANs, so ultimately we must make one firewall for all zones. Hard to manage!
And with this strategy I have problems with ping and SSH ^^
- All VLANs can ping the other VLANs, or if I set "all-ping disable" nobody can ping their own interface.
- For SSH I just want it to answer one source network; I configured "listen-address" but the SSH daemon continues to respond on each interface -_-
Just add a deny for the VLAN02 networks? Admittedly, it gets a little cumbersome if you have many subnets on each VLAN.
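As an added example (not from any poster in this thread), here is what the "deny VLAN02, then allow everything" approach looks like in VyOS 1.3 `firewall name` syntax, with a per-interface `in` ruleset for forwarded traffic and a `local` ruleset that limits ping and SSH to the router per interface. Interface names and addresses are constructed assumptions.

```vyos
# Added example, not from this thread: VyOS 1.3 "firewall name" syntax.
# Constructed assumptions: VLAN01 = 10.0.1.0/24 on eth1 vif 1,
# VLAN02 = 10.0.2.0/24 on eth1 vif 2, management VLAN = 10.0.100.0/24
# on eth1 vif 100. Rules are evaluated in ascending number order.

# Forwarded traffic coming FROM VLAN01 hosts.
set firewall name VLAN01-IN default-action 'drop'
# Replies to sessions that VLAN02 opened towards VLAN01 stay allowed.
set firewall name VLAN01-IN rule 5 action 'accept'
set firewall name VLAN01-IN rule 5 state established 'enable'
set firewall name VLAN01-IN rule 5 state related 'enable'
# The deny for VLAN02 must sort before the catch-all accept.
set firewall name VLAN01-IN rule 10 description 'VLAN01 may not open sessions to VLAN02'
set firewall name VLAN01-IN rule 10 action 'drop'
set firewall name VLAN01-IN rule 10 destination address '10.0.2.0/24'
set firewall name VLAN01-IN rule 100 description 'everything else, e.g. internet'
set firewall name VLAN01-IN rule 100 action 'accept'
set firewall name VLAN01-IN rule 100 destination address '0.0.0.0/0'
# "in" on the VLAN01 sub-interface: only packets arriving there are matched.
set interfaces ethernet eth1 vif 1 firewall in name 'VLAN01-IN'

# Traffic addressed to the router itself, arriving from VLAN01 ("local").
# Ping from VLAN01 to its own gateway works; SSH and anything else is dropped
# on this interface, independent of "all-ping" or the sshd listen-address.
set firewall name VLAN01-LOCAL default-action 'drop'
set firewall name VLAN01-LOCAL rule 5 action 'accept'
set firewall name VLAN01-LOCAL rule 5 state established 'enable'
set firewall name VLAN01-LOCAL rule 5 state related 'enable'
set firewall name VLAN01-LOCAL rule 10 action 'accept'
set firewall name VLAN01-LOCAL rule 10 protocol 'icmp'
set firewall name VLAN01-LOCAL rule 10 source address '10.0.1.0/24'
set interfaces ethernet eth1 vif 1 firewall local name 'VLAN01-LOCAL'

# Only the management VLAN's "local" ruleset accepts SSH.
set firewall name MGMT-LOCAL default-action 'drop'
set firewall name MGMT-LOCAL rule 5 action 'accept'
set firewall name MGMT-LOCAL rule 5 state established 'enable'
set firewall name MGMT-LOCAL rule 5 state related 'enable'
set firewall name MGMT-LOCAL rule 10 action 'accept'
set firewall name MGMT-LOCAL rule 10 protocol 'tcp'
set firewall name MGMT-LOCAL rule 10 destination port '22'
set firewall name MGMT-LOCAL rule 10 source address '10.0.100.0/24'
set firewall name MGMT-LOCAL rule 20 action 'accept'
set firewall name MGMT-LOCAL rule 20 protocol 'icmp'
set interfaces ethernet eth1 vif 100 firewall local name 'MGMT-LOCAL'

commit
save
```

Each VLAN sub-interface gets its own `in` and `local` rulesets in the same pattern, so a VLAN that should reach VLAN02 simply omits rule 10.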