I’m using VyOS in a manner where I route an entire subnet over it for the Internet…
I want to block access to 3389 as a port, except from a subnet I declare as safe.
Blocking the port is simple:
rule 1000 {
    action drop
    destination {
        port 3389
    }
    log enable
    protocol tcp
}
What I’m trying to remember, forgive me because I’ve googled and have not found an answer that makes the remotest of sense.
Anyone mind helping out?
Firewall rules are sequential, being read from top to bottom.
First you need to decide if you want a default accept or default drop firewall.
If you have a default accept firewall, then you explicitly deny traffic you don’t want.
If you have a default drop firewall, then you need to explicitly accept the traffic you do want.
Default Deny:
firewall {
    name eth0-in {
        default-action drop
        rule 100 {
            action accept
            log enable
            protocol all
            source {
                address XXX.XXX.XXX.XXX/XX
            }
        }
    }
}
Default Accept:
firewall {
    name eth0-in {
        default-action accept
        rule 100 {
            action accept
            log enable
            protocol tcp
            source {
                address XXX.XXX.XXX.XXX/XX
            }
            destination {
                port 3389
            }
        }
        rule 101 {
            action drop
            destination {
                port 3389
            }
            log disable
            protocol tcp
        }
    }
}
You then need to assign this access list to an interface:
interfaces {
    ethernet eth0 {
        .........
        .........
        firewall {
            in {
                name eth0-in
            }
        }
    }
}
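To show why the rule order and the default-action matter in the two rulesets above, here is an added Python model of first-match evaluation (not VyOS code, and not from the answer's author). It assumes a constructed safe subnet 203.0.113.0/24 in place of the poster's XXX.XXX.XXX.XXX/XX, and also includes a mis-ordered variant where the drop rule shadows the accept rule.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

@dataclass
class Rule:
    number: int
    action: str                        # "accept" or "drop"
    protocol: str = "all"              # "tcp", "udp" or "all"
    source: Optional[str] = None       # source CIDR; None matches any source
    dest_port: Optional[int] = None    # destination port; None matches any port

@dataclass
class RuleSet:
    default_action: str                # applied when no rule matches
    rules: List[Rule] = field(default_factory=list)

    def evaluate(self, src_ip: str, proto: str, dport: int) -> Tuple[str, Optional[int]]:
        """Walk rules in ascending number order; the first match decides.
        Returns (action, matching rule number) or (default_action, None)."""
        src = ipaddress.ip_address(src_ip)
        for rule in sorted(self.rules, key=lambda r: r.number):
            if rule.protocol != "all" and rule.protocol != proto:
                continue
            if rule.source is not None and src not in ipaddress.ip_network(rule.source):
                continue
            if rule.dest_port is not None and rule.dest_port != dport:
                continue
            return rule.action, rule.number
        return self.default_action, None

SAFE = "203.0.113.0/24"  # constructed placeholder for the safe subnet

def default_accept_ruleset() -> RuleSet:
    # Mirrors the "Default Accept" answer: allow 3389 from SAFE, then drop 3389 from anyone else.
    return RuleSet("accept", [
        Rule(100, "accept", "tcp", SAFE, 3389),
        Rule(101, "drop", "tcp", None, 3389),
    ])

def default_drop_ruleset() -> RuleSet:
    # Mirrors the "Default Deny" answer: only SAFE gets through, everything else hits the default drop.
    return RuleSet("drop", [Rule(100, "accept", "all", SAFE, None)])

def misordered_ruleset() -> RuleSet:
    # Same two rules with the numbers swapped: the broad drop is read first and shadows the exception.
    return RuleSet("accept", [
        Rule(100, "drop", "tcp", None, 3389),
        Rule(101, "accept", "tcp", SAFE, 3389),
    ])
```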