Hi, thanks for the help, I really appreciate it.
Pretty sure I tried deleting the firewall before, but I can’t delete it while the firewall is in use. Not sure why I didn’t think to disable eth0 first so I could delete it, I’ll try that.
Here is the routing table with OpenVPN up vs. down.
OPENVPN UP:
vyos@vyos:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
S>* 0.0.0.0/0 [210/0] via xxx.xxx.xxx.1, eth0, weight 1, 2d19h52m
K>* 0.0.0.0/1 [0/0] via 10.8.1.1, vtun0, 18:10:47
C>* 10.8.1.0/24 is directly connected, vtun0, 18:10:47
C>* xxx.xxx.xxx.0/19 is directly connected, eth0, 2d19h52m
K>* 128.0.0.0/1 [0/0] via 10.8.1.1, vtun0, 18:10:47
K>* 185.236.200.195/32 [0/0] via xxx.xxx.xxx.1, eth0, 2d19h27m
C>* 192.168.0.0/24 is directly connected, eth1, 2d19h53m
C>* 192.168.100.0/24 is directly connected, eth2, 17:59:42
C>* 192.168.200.0/24 is directly connected, eth3, 03:14:08
vyos@vyos:~$
vyos@vyos:~$
vyos@vyos:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Description
--------- ---------- --- -----------
eth0 xxx.xxx.xxx.19/19 u/u OUTSIDE
eth1 192.168.0.1/24 u/u LAN
eth2 192.168.100.1/24 u/u DMZ
eth3 192.168.200.1/24 u/u LAB
lo 127.0.0.1/8 u/u
::1/128
vtun0 10.8.1.2/24 u/u NORDVPN
wlan0 192.168.250.1/24 A/D WLAN
vyos@vyos:~$
vyos@vyos:~$
vyos@vyos:~$ show ip route kernel
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
K>* 0.0.0.0/1 [0/0] via 10.8.1.1, vtun0, 18:11:05
K>* 128.0.0.0/1 [0/0] via 10.8.1.1, vtun0, 18:11:05
K>* 185.236.200.195/32 [0/0] via xxx.xxx.xxx.1, eth0, 2d19h27m
vyos@vyos:~$
vyos@vyos:~$
vyos@vyos:~$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.8.1.1 128.0.0.0 UG 0 0 0 vtun0
default xxx.xxx.xxx.xxx 0.0.0.0 UG 20 0 0 eth0
10.8.1.0 0.0.0.0 255.255.255.0 U 0 0 0 vtun0
xxx.xxx.xxx.0 0.0.0.0 255.255.224.0 U 0 0 0 eth0
128.0.0.0 10.8.1.1 128.0.0.0 UG 0 0 0 vtun0
nordvpn-5727 xxx.xxx.xxx.xxx 255.255.255.255 UGH 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
192.168.200.0 0.0.0.0 255.255.255.0 U 0 0 0 eth3
vyos@vyos:~$
OPENVPN DOWN:
vyos@vyos:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
S>* 0.0.0.0/0 [210/0] via xxx.xxx.xxx.1, eth0, weight 1, 2d19h55m
C>* xxx.xxx.xxx.0/19 is directly connected, eth0, 2d19h55m
K>* 185.236.200.195/32 [0/0] via xxx.xxx.xxx.1, eth0, 2d19h29m
C>* 192.168.0.0/24 is directly connected, eth1, 2d19h55m
C>* 192.168.100.0/24 is directly connected, eth2, 18:02:00
C>* 192.168.200.0/24 is directly connected, eth3, 03:16:26
vyos@vyos:~$
vyos@vyos:~$
vyos@vyos:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Description
--------- ---------- --- -----------
eth0 xxx.xxx.xxx.19/19 u/u OUTSIDE
eth1 192.168.0.1/24 u/u LAN
eth2 192.168.100.1/24 u/u DMZ
eth3 192.168.200.1/24 u/u LAB
lo 127.0.0.1/8 u/u
::1/128
wlan0 192.168.250.1/24 A/D WLAN
vyos@vyos:~$
vyos@vyos:~$
vyos@vyos:~$ show ip route kernel
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
K>* 185.236.200.195/32 [0/0] via xxx.xxx.xxx.1, eth0, 2d19h29m
vyos@vyos:~$
vyos@vyos:~$
vyos@vyos:~$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default xxx.xxx.xxx.xxx 0.0.0.0 UG 20 0 0 eth0
xxx.xxx.xxx.0 0.0.0.0 255.255.224.0 U 0 0 0 eth0
nordvpn-5727 xxx.xxx.xxx.xxx 255.255.255.255 UGH 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
192.168.200.0 0.0.0.0 255.255.255.0 U 0 0 0 eth3
vyos@vyos:~$