I use this documentation Firewall Configuration — VyOS 1.4.x (sagitta) documentation to configure firewall on vyos 1.5 to block ping and ssh to router. I run
set firewall ipv4 input rule 1 action drop
set firewall ipv4 input rule 1 protocol tcp
set firewall ipv4 input rule 1 destination port 22
set firewall ipv4 input rule 2 action drop
set firewall ipv4 input rule 2 protocol icmp
I assume you did a commit and save after those lines?
Which VyOS version do you have (you said 1.5 but from which date which is part of the full version you will see with “show version”)?
Dont forget to do the same for IPv6 (or just drop IPv6 all together if you want to be IPv4 only)?
Other than that here are some tips when it comes to ping and ssh:
set firewall global-options all-ping 'disable'
set service ssh access-control allow user 'vyos'
set service ssh ciphers '[email protected]'
set service ssh dynamic-protection allow-from '192.168.0.0/16'
set service ssh dynamic-protection block-time '60'
set service ssh dynamic-protection detect-time '3600'
set service ssh dynamic-protection threshold '10'
set service ssh listen-address '192.168.56.2'
set service ssh mac 'hmac-sha2-512'
set service ssh rekey data '1024'
set service ssh rekey time '60'
set service ssh vrf 'VRF_MGMT'
The listen-address above is the interface you wish to bind the ssh-server process to.