Hi,
I have VyOS working with internet access OK, but after applying this config (create local zone), I allowed SSH connections but lost internet access.
set firewall zone LOCAL local-zone
set firewall zone LOCAL from LAN firewall name 'LAN-to-LOCAL'
set firewall ipv4 name LAN-to-LOCAL default-action 'drop'
set firewall ipv4 name LAN-to-LOCAL rule 10 action 'accept'
set firewall ipv4 name LAN-to-LOCAL rule 10 description 'explicit allow inbound ssh always (anti-lockout)'
set firewall ipv4 name LAN-to-LOCAL rule 10 destination port '22'
set firewall ipv4 name LAN-to-LOCAL rule 10 protocol 'tcp'
set firewall ipv4 name LAN-to-LOCAL rule 10 source group network-group 'lan-network'
set firewall ipv4 name LAN-to-LOCAL rule 11 action 'accept'
set firewall ipv4 name LAN-to-LOCAL rule 11 description 'allow dhcp'
set firewall ipv4 name LAN-to-LOCAL rule 11 destination port '67-68'
set firewall ipv4 name LAN-to-LOCAL rule 11 protocol 'udp'
set firewall ipv4 name LAN-to-LOCAL rule 11 source port '67-68'
set firewall ipv4 name LAN-to-LOCAL rule 12 action 'accept'
set firewall ipv4 name LAN-to-LOCAL rule 12 description 'allow internet'
set firewall ipv4 name LAN-to-LOCAL rule 12 destination address-mask '0.0.0.0'
set firewall ipv4 name LAN-to-LOCAL rule 12 source group network-group 'lan-network'
ipv4 Firewall "name LAN-to-LOCAL"
Rule     Packets  Bytes  Action  Source       Destination  Inbound-Interface  Outbound-interface
10       3        192    accept  lan-network  any          any                any
11       5        1660   accept  any          any          any                any
12       22       3264   accept  lan-network  any          any                any
default  202      12120  drop    any          any          any                any
In my global config I have this:
set firewall global-options state-policy established action 'accept'
set firewall global-options state-policy invalid action 'drop'
set firewall global-options state-policy related action 'accept'