Can't block traffic to the firewall (VyOS) itself

Hi all,

I am trying to block traffic to the firewall itself.
I had set the following rules.
"
IPv4 Firewall "Gast-Network-In":

Active on (eth1.5,IN)

rule  action  proto  packets  bytes
1     drop    all    0        0
      condition - saddr 0.0.0.0/0 daddr 0.0.0.0/0 match-set DMZ-Network dst
"

For example, I can't ping a device in the DMZ-Network (10.x.2.100), but I can ping VyOS at 10.x.2.1.

The interfaces are configured as VLANs: eth1.5 is the GuestNetwork and eth1.2 is the DMZ.

I can see this in the logs if I ping 10.x.2.1 ("ESTABLISHED"), but I can't find any log entry that establishes this connection.

[FW-STATE_POL-ESTABLISHED-A]IN= OUT=eth1.5 SRC=10.x.2.1 DST=10.x.5.106 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=35797 PROTO=ICMP TYPE=0 CODE=0 ID=18713 SEQ=1

Thanks in advance for your answers :slight_smile:

Firewalling the VyOS itself is via "local", not "in", rules. For example:

set interfaces ethernet eth1 vif 5 firewall local name 'rulename'
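To make the answer concrete, here is an added example (not from the original thread or from the VyOS project) of a complete "local" rule set for the guest VLAN, written in the same VyOS 1.2/1.3 syntax used above (VyOS 1.4 and later moved the local hook to `firewall ipv4 input filter`, so the commands differ there). The rule set name `Gast-Local`, the rule numbers and the allowed ports are assumptions. The point it demonstrates is why the original "in" rule set never matched: packets addressed to the router's own 10.x.2.1 enter the local (INPUT) hook rather than the forward hook that "in" rules filter, so the `match-set DMZ-Network dst` rule only ever sees traffic that is routed through the box. It also shows the practical caveat of a blanket drop on the local hook: guest clients usually still need DHCP and DNS from the router, so those are accepted explicitly before the default drop, and established/related replies are accepted so the router's own answers are not cut off. The `[FW-STATE_POL-ESTABLISHED-A]` log line in the question (empty `IN=`, `OUT=eth1.5`, ICMP `TYPE=0`) is the router's own echo reply leaving the guest VLAN under the state policy, which is why no matching "new" entry from the "in" rule set ever appears.

```vyos
# Added example, not from the thread. Names, rule numbers and ports are assumed.
# Rule set applied to the local hook of eth1.5: everything the guest VLAN
# sends to the router's own addresses goes through here, not through "in".
set firewall name Gast-Local default-action 'drop'
set firewall name Gast-Local enable-default-log

# Replies to connections the router itself initiated (ping from the box, NTP, updates).
set firewall name Gast-Local rule 10 action 'accept'
set firewall name Gast-Local rule 10 state established 'enable'
set firewall name Gast-Local rule 10 state related 'enable'

# Guests still need DHCP from the router; without this they never get an address.
set firewall name Gast-Local rule 20 action 'accept'
set firewall name Gast-Local rule 20 protocol 'udp'
set firewall name Gast-Local rule 20 destination port '67'

# Guests still need DNS if the router is their resolver (assumed here).
set firewall name Gast-Local rule 30 action 'accept'
set firewall name Gast-Local rule 30 protocol 'tcp_udp'
set firewall name Gast-Local rule 30 destination port '53'

# Everything else to the router (ICMP echo, SSH, web UI, ...) hits the default drop and is logged.

# Attach to the guest VLAN with the "local" keyword; "in" would not see this traffic.
set interfaces ethernet eth1 vif 5 firewall local name 'Gast-Local'

commit
save
```

After `commit`, a ping from a guest client to 10.x.2.1 should stop answering, and `show log firewall name Gast-Local` (or the system log) should show the drop from the default rule, which is the entry the original "in" rule set could never produce. Keep the existing `Gast-Network-In` rule set for traffic that the router forwards into the DMZ; the two hooks are complementary, not alternatives.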
