Is this scenario the best way?
Our datacenter gives us an external IP range 1xx.xx.xx.xx/25 with a gateway 1xx.xx.xx.1 on an Ethernet cable.
We have set this up:
[datacenter] — [ vyos ethernet 0 < - bridge -> vyos ethernet 1] — [ wan switch ] - [ servers with IPs 1xx.xx.xx.02 … 127 / 25]
On the VyOS side, we have made a bridge like this:
set interfaces ethernet eth0 bridge-group bridge 'br0'
set interfaces ethernet eth0 duplex 'auto'
set interfaces ethernet eth0 hw-id 'xxxxxxxxxxxxx'
set interfaces ethernet eth0 smp_affinity 'auto'
set interfaces ethernet eth0 speed 'auto'
set interfaces ethernet eth1 bridge-group bridge 'br0'
set interfaces ethernet eth1 duplex 'auto'
set interfaces ethernet eth1 hw-id 'xxxxxxxxxxxxx'
set interfaces ethernet eth1 smp_affinity 'auto'
set interfaces ethernet eth1 speed 'auto'
and a firewall with rules like this:
set firewall name perimetro rule 10 action 'accept'
set firewall name perimetro rule 10 state established 'enable'
set firewall name perimetro rule 10 state related 'enable'
...
set firewall name perimetro rule 140 action 'accept'
set firewall name perimetro rule 140 destination address '1xx.xx.xx
set firewall name perimetro rule 140 destination port '80,443'
set firewall name perimetro rule 140 protocol 'tcp'
...
set firewall name perimetro rule 9999 action 'drop'
and finally assigned the firewall to the bridge:
set interfaces bridge br0 firewall in name 'perimetro'
Is this the best way to filter traffic?
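As an added example that is not part of the original post, the script below parses a ruleset written in the same `set firewall name perimetro rule N ...` form and evaluates sample packets in ascending rule order, first match wins, the way VyOS walks a named ruleset; it lets you check what a ruleset like the one above accepts before traffic falls through to rule 9999. It assumes the constructed documentation address 198.51.100.10 in place of the masked server address, and it does not model the ruleset's `default-action`.

```python
# Added example, not from the post: walks a VyOS 'set firewall name ...' ruleset
# the way VyOS does (lowest rule number first, first match wins) to show which
# rule a sample packet hits. 198.51.100.10 is a constructed stand-in address.
import ipaddress
import re
import shlex

RULE_RE = re.compile(r"^set firewall name (\S+) rule (\d+) (.+)$")

SAMPLE_RULESET = """
set firewall name perimetro rule 10 action 'accept'
set firewall name perimetro rule 10 state established 'enable'
set firewall name perimetro rule 10 state related 'enable'
set firewall name perimetro rule 140 action 'accept'
set firewall name perimetro rule 140 destination address '198.51.100.10'
set firewall name perimetro rule 140 destination port '80,443'
set firewall name perimetro rule 140 protocol 'tcp'
set firewall name perimetro rule 9999 action 'drop'
"""

def parse_ruleset(config_text):
    """Return {rule_number: {'action': 'accept', 'destination port': '80,443', ...}}."""
    rules = {}
    for line in config_text.strip().splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # skips blank lines and the post's '...' placeholders
        tokens = shlex.split(m.group(3))  # shlex strips the quotes around values
        rules.setdefault(int(m.group(2)), {})[" ".join(tokens[:-1])] = tokens[-1]
    return rules

def rule_matches(rule, pkt):
    """pkt: {'proto', 'dst', 'dport', 'state'} (state new/established/related/invalid).
    Every criterion the rule carries must fit; rule 9999 carries none and matches all."""
    states = [k.split()[1] for k, v in rule.items() if k.startswith("state ") and v == "enable"]
    net = ipaddress.ip_network(rule.get("destination address", "0.0.0.0/0"), strict=False)
    ports = rule.get("destination port", str(pkt["dport"])).split(",")
    return ((not states or pkt["state"] in states)
            and rule.get("protocol", pkt["proto"]) == pkt["proto"]
            and ipaddress.ip_address(pkt["dst"]) in net
            and str(pkt["dport"]) in ports)

def evaluate(pkt, rules=None):
    """(rule_number, action) of the first match; (None, None) means nothing matched
    and VyOS would apply the ruleset's default-action, which is not modelled here."""
    rules = parse_ruleset(SAMPLE_RULESET) if rules is None else rules
    for num in sorted(rules):
        if rule_matches(rules[num], pkt):
            return num, rules[num]["action"]
    return None, None
```

Feed it each packet class you expect on the bridge (new inbound HTTPS, replies to the servers' own outbound connections, a probe to a port you never opened) and confirm the rule number it reports is the one you intended.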