Firewall configuration ( address group )

Romell · October 22, 2020, 1:58pm

Hello

In this picture I have a topology using VMware ESXI

What I want is to create address group then on VYOS2 block Mikrotik router with this IP 51.10.10.1 to reach 8.8.8.8

Mikrotik using the route to VYOS2 to reach the internet so I will configure firewall using address group on VYOS2

to block 51.10.10.1 reach google IP

Please I need your help with full commands if you can

I’m using eth2 to connect CSR and eth1 to connect to the internet and also my PC

Best Regards

Viacheslav · October 22, 2020, 4:50pm

You need firewall rules like

set firewall group address-group BLCK address '51.10.10.1'
set firewall name FRWD-IN default-action 'accept'
set firewall name FRWD-IN rule 10 action 'drop'
set firewall name FRWD-IN rule 10 destination address '8.8.8.8'
set firewall name FRWD-IN rule 10 source group address-group 'BLCK'

set interfaces ethernet eth2 firewall in name 'FRWD-IN'

Romell · October 22, 2020, 6:39pm

Great thanks man I really appreciate it

system · October 24, 2020, 6:39pm

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.