On Juniper I’m used to applying the local firewall to the loopback interface, but on VyOS you can’t apply firewall filters to lo. What I do is I have a firewall filter I apply to local on all connected interfaces, but I find this very annoying and open to mistakes. It’s so easy to forget to apply the firewall to some interface, and doubly so when it’s something other than a physical interface (WireGuard etc.), since it’s easier to forget that those interfaces receive external traffic just like the physical ones.
Is there an easier way to configure a local firewall filter, without having to apply it to every interface?
Which VyOS version are you running? The “real” equivalent of a loopback interface on e.g. Juniper/Cisco on VyOS/Linux is a so-called dummy interface. And the dummy interface has firewalling support as of VyOS 1.3.2.
“local” is somewhat different on Juniper than on VyOS: the loopback interface on Juniper devices is what connects the routing engine (the control plane - where your SSH, BGP, … services are running) to the PFE (where all packets are routed/switched/…). So while you have an IP on ge-0/0/0, it basically directs the PFE to “forward all packets directed to this IP to the routing engine (loopback)”, which can then be filtered by the single filter.
VyOS doesn’t have this distinction, so every interface needs either its own filter, or has to belong to a zone.
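The zone alternative mentioned above, written out as an added example (VyOS 1.3 zone-policy syntax; not config from either poster). The zone name WAN, the rule-set name WAN-TO-LOCAL, the interface names and the WireGuard port are assumptions; the point is that the one rule set protecting the router is attached to the LOCAL zone once, and each externally reachable interface (including wg0) only has to be listed as a zone member rather than carrying its own local filter.

```vyos
# Added example (VyOS 1.3 syntax), not from the thread. Zone, rule-set,
# interface names and the UDP port are assumptions.

# One rule set that decides what may reach the router itself.
set firewall name WAN-TO-LOCAL default-action 'drop'
set firewall name WAN-TO-LOCAL rule 10 action 'accept'
set firewall name WAN-TO-LOCAL rule 10 state established 'enable'
set firewall name WAN-TO-LOCAL rule 10 state related 'enable'
set firewall name WAN-TO-LOCAL rule 20 action 'accept'
set firewall name WAN-TO-LOCAL rule 20 protocol 'udp'
set firewall name WAN-TO-LOCAL rule 20 destination port '51820'

# The router's own stack is the LOCAL zone; the rule set is attached here once.
set zone-policy zone LOCAL local-zone
set zone-policy zone LOCAL from WAN firewall name 'WAN-TO-LOCAL'

# Every interface that can receive external traffic is a member of WAN,
# the physical uplink and the WireGuard tunnel alike.
set zone-policy zone WAN interface 'eth0'
set zone-policy zone WAN interface 'wg0'
```

What remains to maintain is the zone membership list: a new tunnel or VLAN interface still has to be added to WAN, so `show zone-policy` after adding an interface is the check that replaces auditing per-interface local filters.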