Add IPv4 address to firewall allow

Can’t figure out how to whitelist my IPv4 address in VyOS (1.2x). I asked AI too, and I got this:

vyos@vyos:~$ configure
vyos@vyos# set firewall name <rule-set-name> rule <rule-number> action <action>
vyos@vyos# set firewall name <rule-set-name> rule <rule-number> source address <ip-address>
vyos@vyos# commit
vyos@vyos# exit

I tried it a few ways but no go.

set firewall REM_MGMT 4 accept xxx.xxx.189.82
set firewall 4 accept xxx.xxx.189.82
set firewall name REM_MGMT rule 4 accept xxx.xxx.189.82

Please explain.

Below are my current settings:

show firewall

-----------------------------
Rulesets Information
-----------------------------
--------------------------------------------------------------------------------
IPv4 Firewall "REM_MGMT":

 Active on (eth5,LOCAL)

rule  action   proto     packets  bytes                                   
----  ------   -----     -------  -----                                   
1     accept   all       0        0                                       
  condition - saddr xxx.xxx.45.75 daddr 0.0.0.0/0                                

2     accept   all       0        0                                       
  condition - saddr xxx.xxx.143.54 daddr 0.0.0.0/0                               

3     accept   all       0        0                                       
  condition - saddr xxx.xxx.138.126 daddr 0.0.0.0/0                             

10    drop     tcp       32520    1948280                                 
  condition - saddr 0.0.0.0/0 daddr 0.0.0.0/0 tcp dpt:205                       

10000 accept   all       20387454 1658058081                              
  condition - saddr 0.0.0.0/0 daddr 0.0.0.0/0                                   

--------------------------------------------------------------------------------
IPv4 Firewall "wan-out":

 Active on (eth5,OUT)

rule  action   proto     packets  bytes                                   
----  ------   -----     -------  -----                                   
10    drop     all       0        0                                       
  condition - saddr 0.0.0.0/0 daddr xxx.xxx.52.42 LOG enabled                    

Docs for 1.2: Firewall — VyOS 1.2.x (crux) documentation

You are not using the suggested command.
You got:

vyos@vyos:~$ configure
vyos@vyos# set firewall name <rule-set-name> rule <rule-number> action <action>
vyos@vyos# set firewall name <rule-set-name> rule <rule-number> source address <ip-address>
vyos@vyos# commit
vyos@vyos# exit

Then you should replace what’s in between <> for every case. For example:

  • desired name: TEST
  • desired action: accept
  • desired rule number: 10
  • desired source address: 198.51.100.1

vyos@vyos:~$ configure
vyos@vyos# set firewall name TEST rule 10 action accept
vyos@vyos# set firewall name TEST rule 10 source address 198.51.100.1
vyos@vyos# commit
vyos@vyos# exit
2 Likes
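
Added example, not part of the thread and not VyOS code: a small Python model of the REM_MGMT rule-set from the question. VyOS evaluates rules in ascending rule number and stops at the first match, so an allow rule for a new address only takes effect on tcp/205 if its number is below the drop in rule 10. The addresses are constructed RFC 5737 stand-ins for the redacted ones, and evaluate(), with_allow() and set_commands() are hypothetical helpers.

```python
import ipaddress

# Constructed model of the REM_MGMT rule-set from "show firewall" above.
# The page redacts the real sources, so RFC 5737 documentation addresses
# stand in for them. Fields: (rule, action, protocol, source, tcp dport).
REM_MGMT = [
    (1, "accept", "all", "192.0.2.75/32", None),
    (2, "accept", "all", "192.0.2.54/32", None),
    (3, "accept", "all", "192.0.2.126/32", None),
    (10, "drop", "tcp", "0.0.0.0/0", 205),
    (10000, "accept", "all", "0.0.0.0/0", None),
]
NEW_ADMIN = "198.51.100.82"  # constructed stand-in for xxx.xxx.189.82


def evaluate(ruleset, src, proto, dport):
    """Return (rule number, action) of the first rule that matches."""
    addr = ipaddress.ip_address(src)
    for number, action, rproto, source, rport in sorted(ruleset, key=lambda r: r[0]):
        if rproto not in ("all", proto):
            continue
        if addr not in ipaddress.ip_network(source):
            continue
        if rport is not None and rport != dport:
            continue
        return number, action
    return None, "default-action"  # nothing matched; rule-set default applies


def with_allow(ruleset, number, source):
    """Copy of the rule-set with an accept-all rule for one source added."""
    return ruleset + [(number, "accept", "all", f"{source}/32", None)]


def set_commands(name, number, action, source):
    """Render the two set commands from the answer for concrete values."""
    ipaddress.ip_address(source)  # raises ValueError on a malformed address
    base = f"set firewall name {name} rule {number}"
    return [f"{base} action {action}", f"{base} source address {source}"]


if __name__ == "__main__":
    print(evaluate(REM_MGMT, NEW_ADMIN, "tcp", 205))  # before the change
    print(evaluate(with_allow(REM_MGMT, 4, NEW_ADMIN), NEW_ADMIN, "tcp", 205))
    print(evaluate(with_allow(REM_MGMT, 20, NEW_ADMIN), NEW_ADMIN, "tcp", 205))
    print("\n".join(set_commands("REM_MGMT", 4, "accept", NEW_ADMIN)))
```

Numbering the new rule 20 instead of 4 leaves the address blocked on tcp/205, because rule 10 matches first.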

Thank you, that works but it only worked (access wise) on the first VyOS, but the second failover VyOS, despite matching firewall settings, still doesn’t work. Did commit/save. Confirmed matching config on both.

Any possible idea why the 2nd one isn’t in effect?

It would help if you can paste the configs from both VyOS routers:

show config commands | strip-private

Please see attached.
vyos1.txt (65.4 KB)
vyos2.txt (64.4 KB)
