Can someone guide me on how to make a basic firewall rule that blocks all traffic that was not initiated from the internal/LAN side first? The official guide is giving errors (Configuration path: firewall [name] is not valid
Set failed).
/* AdGuard Home container definition; the enclosing container node opens above this excerpt. */
name adguard {
/* The container shares the router's network stack rather than an isolated container network. */
/* NOTE(review): every port the application opens is therefore bound on the router itself; no firewall node appears in this paste, so confirm which interfaces can reach it. */
allow-host-networks
/* Grants the net-bind-service capability - presumably so the DNS listener can bind a low port; confirm. */
cap-add net-bind-service
/* NOTE(review): the "latest" tag is not pinned, so image content can change between pulls; a fixed version tag or digest makes updates deliberate. */
image docker.io/adguard/adguardhome:latest
restart always
/* Persistent AdGuard Home configuration, stored under /config on the router. */
volume adguard-conf {
destination /opt/adguardhome/conf
source /config/adguardhome/conf
}
/* The router's /etc/hosts is mounted into the container read-only (mode ro). */
volume adguard-hosts {
destination /etc/hosts
mode ro
source /etc/hosts
}
/* Persistent AdGuard Home working data, stored under /config on the router. */
volume adguard-work {
destination /opt/adguardhome/work
source /config/adguardhome/work
}
}
}
/* Interface layout: eth0 carries the PPPoE session (pppoe0), eth1 is the addressed LAN port, eth2/eth3 have no settings beyond hw-id. */
/* NOTE(review): the container node closes directly before this node, so this paste holds no firewall node at all; nothing visible here filters traffic arriving on pppoe0. */
interfaces {
/* Physical port under pppoe0 (see source-interface below); it has no address of its own. */
ethernet eth0 {
hw-id 00:e2:69:52:85:c0
offload {
gro
gso
lro
rfs
rps
sg
tso
}
ring-buffer {
rx 4096
tx 4096
}
}
/* LAN port: holds the (redacted) /24 address and receives the delegated IPv6 prefix from pppoe0. */
ethernet eth1 {
address xx.xxx.xx.x/24
hw-id 00:e2:69:52:85:be
offload {
gro
gso
rfs
rps
sg
tso
}
ring-buffer {
rx 4096
tx 4096
}
}
ethernet eth2 {
hw-id 00:e2:69:52:85:bf
}
ethernet eth3 {
hw-id 00:e2:69:52:85:c1
}
loopback lo {
}
/* WAN link. The policy asked for in the question is a stateful default-drop on traffic entering here, both toward the router itself and forwarded to eth1, for IPv4 and IPv6. */
/* NOTE(review): the "firewall [name] is not valid" error presumably means the guide's syntax targets a different release; newer releases appear to place rulesets under firewall ipv4 / firewall ipv6 - confirm against the documentation for the installed version. */
pppoe pppoe0 {
/* Credentials are redacted in the paste. */
authentication {
password xxxxx
username xxxxx
}
/* Requests an IPv6 prefix and assigns it to eth1 (sla-id 0, interface address suffix 1). */
/* NOTE(review): LAN hosts presumably get routable IPv6 addresses this way; the IPv4 masquerade rule does not cover them, so inbound IPv6 needs its own filtering. */
dhcpv6-options {
pd 0 {
interface eth1 {
address 1
sla-id 0
}
}
}
ip {
adjust-mss clamp-mss-to-pmtu
}
ipv6 {
address {
autoconf
}
adjust-mss clamp-mss-to-pmtu
}
source-interface eth0
}
}
/* Source NAT: traffic from the (redacted) LAN /24 leaving via pppoe0 is masqueraded to the interface address. */
/* NOTE(review): this rule only translates outbound IPv4; it is not a filtering policy and does not protect services running on the router itself or IPv6 hosts behind it. */
nat {
source {
rule 100 {
outbound-interface pppoe0
source {
address xx.xxx.xx.x.0/24
}
translation {
address masquerade
}
}
}
}
/* Services run by the router itself: DHCP, dynamic DNS, NTP, router advertisements and SSH. */
/* NOTE(review): no firewall node appears in this paste, so which interfaces can reach these daemons depends only on the per-service settings below. */
service {
/* DHCP for the LAN; addresses are redacted in the paste. */
dhcp-server {
shared-network-name LAN {
subnet 1/24 {
default-router xx.xxx.xx.x
domain-name vyos.net
lease 86400
name-server xx.xxx.xx.x
range 0 {
start xx.xxx.xx.x0
stop xx.xxx.xx.x.254
}
}
}
}
/* Dynamic DNS update for the pppoe0 address using the noip protocol. */
/* NOTE(review): the host-name/username/password values look partly redacted; if any part is real, treat the credential as exposed and change it at the provider. */
dns {
dynamic {
address pppoe0 {
service noip {
host-name a
password /[7
protocol noip
username a
}
}
}
}
/* NTP: syncs to the three vyos.net servers and also answers clients. */
ntp {
/* allow-client lists 0.0.0.0/0 and ::/0, i.e. every IPv4 and IPv6 source. */
/* NOTE(review): that presumably includes hosts on the pppoe0 side; limiting this to the LAN prefixes (or setting a listen-address) narrows who can query the daemon. */
allow-client {
address 0.0.0.0/0
address ::/0
}
server time1.vyos.net {
}
server time2.vyos.net {
}
server time3.vyos.net {
}
}
/* Router advertisements on the LAN port with a /64 prefix. */
router-advert {
interface eth1 {
/* NOTE(review): ::1 is the loopback address; confirm whether this is a redaction or the value actually advertised to clients as their DNS server. */
name-server ::1
prefix ::/64 {
valid-lifetime 172800
}
}
}
/* SSH on port 22 with no listen-address set. */
/* NOTE(review): it presumably accepts connections on every router address, including pppoe0; a listen-address on the LAN address or a WAN-side drop rule would limit management access to the inside. */
ssh {
port 22
}
}
system {
config-management {
commit-revisions 100
}
/* Connection-tracking sizing and protocol helper modules. */
/* The three table sizes are all set to 10485760 entries. */
conntrack {
expect-table-size 10485760
hash-size 10485760
/* Helper modules enabled: ftp, h323, nfs, pptp, sip, sqlnet, tftp. */
/* NOTE(review): helpers let the tracker expect secondary connections for these protocols; once a stateful ruleset accepts related traffic, keeping only the helpers actually used reduces what can be let in - verify which are needed. */
modules {
ftp
h323
nfs
pptp
sip
sqlnet
tftp
}
table-size 10485760
}
console {
device ttyS0 {
speed 115200
}
}
host-name vyos
ip {
arp {
table-size 32768
}
multipath {
layer4-hashing
}
}
ipv6 {
multipath {
layer4-hashing
}
neighbor {
table-size 32768
}
}
/* Local account "vyos" with a stored password hash; no public keys appear in this block. */
/* NOTE(review): the $6$ crypt hash below is included unredacted in a public post, so the password should be treated as exposed and changed; redact this line in anything shared. */
/* NOTE(review): with SSH enabled and only a password configured here, key-based login plus disabling password authentication would remove reliance on this secret - confirm against the installed release. */
login {
user vyos {
authentication {
encrypted-password $6$4ZEJ3pgCthIcDLEr$b.OTA6sgTcHO3QjtPzCkWKOL89HltRwCCT.NLYLepa1hmzqOUpnd.RyiAunbVFY1D/oDOlGkEnBkh9jK0oR0z0
/* Empty value: only the hash above is stored. */
plaintext-password ""
}
}
}
name-server 1.1.1.1
option {
performance throughput
}
syslog {
global {
facility all {
level info
}
facility local7 {
level debug
}
}
}
time-zone A