I downloaded VyOS for Hyper-V to generate a situation that is similar to a real-world situation. I am trying to duplicate a router with commands similar to those of the Cisco router. I am looking for an ACL example to use. I looked at the documentation, but it was not really clear on what to write. In the Cisco router, I am using an IP access-list extended ForNAT, and then under it I am using a permit ip host 192.168.xx.xx any.
Example:
ip access-list extended ForNAT
10 permit ip host 192.168.xx.xx any
Ok. I am trying what you stated on this. Both are good pieces of information. Coming from a Cisco router standpoint, this router is close, but I am still struggling to get it all put together with the syntax. I have managed to get the router to route my traffic out from my test network; this is from both servers and my workstation. I now want to block the workstation from ever getting to the internet, which would be close to what I have in my real-world situation.
So, taking into account that I am using v1.2.9, I am looking at the documentation and am not seeing access lists, only firewall rules. I did try to do the access list that Ginko supplied, but I must be missing something as to where I need to place the rule, meaning on which interface. I am assuming that it would be on the outside interface, to allow all out except my workstation.
In VyOS, ACLs are not a general-use object like you would see in Cisco. They are for route filtering in routing protocols, since they allow for discontiguous matching.
VyOS just rolls the actions from ACLs directly into the syntax of what you’re doing. So that could be NAT, firewall, etc., like I showed in my example. Those examples won’t be 1:1 for what you need due to version differences, but just look up the VyOS documentation for firewall to see what you need to do.
Thank you for getting back to me quickly. I got NAT working just fine. The firewall/ACL is my main hold-up. I basically need to deny everything coming from my internal network; basically, everything stays inside. The only thing that goes out is the server. I will refer back to the documentation on firewalls and see if I can figure out how to deny everything except that of the server.
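For the requirement stated in this thread (only the server may reach the internet, every other internal host stays inside), here is an added example of VyOS 1.2 firewall configuration. It is not from the original posts or the VyOS documentation, and it assumes eth0 is the outside interface and 192.168.10.20 is the server's address (both are constructed placeholders; change them to match your lab).

```vyos
# Added example (assumed names): eth0 = outside/WAN interface, 192.168.10.20 = the server.
# In VyOS 1.2 the Cisco "permit host X any" idea becomes a named rule set that drops by
# default and accepts only traffic sourced from the server.
set firewall name LAN-TO-WAN default-action 'drop'
set firewall name LAN-TO-WAN description 'Only the server may reach the internet'
set firewall name LAN-TO-WAN rule 10 action 'accept'
set firewall name LAN-TO-WAN rule 10 description 'Allow the server out'
set firewall name LAN-TO-WAN rule 10 source address '192.168.10.20'
# Explicit final drop with logging, so blocked hosts (e.g. the workstation) show up in
# 'show log firewall' instead of silently disappearing.
set firewall name LAN-TO-WAN rule 999 action 'drop'
set firewall name LAN-TO-WAN rule 999 description 'Log everything else that tries to leave'
set firewall name LAN-TO-WAN rule 999 log 'enable'
# Attach the rule set in the 'out' direction of the outside interface. Only traffic that
# would leave toward the internet is filtered, so LAN-to-LAN traffic through the router is
# untouched. The rule set is evaluated before source NAT, so the private address still matches.
set interfaces ethernet eth0 firewall out name 'LAN-TO-WAN'
commit
save
```

After committing, `show firewall name LAN-TO-WAN statistics` in operational mode shows packet counters per rule, which is the quickest way to confirm the server hits rule 10 and the workstation hits rule 999.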