Local traffic not allowed

alpha23 · July 10, 2020, 11:15pm

The following firewall commands do not allow traffic to interface eth0, destined for the server:

set firewall name IN-eth0 rule 30 action ‘accept’
set firewall name IN-eth0 rule 30 source address ‘’
set firewall name IN-eth0 rule 30 protocol all
set firewall name IN-eth0 default-action drop
set firewall name IN-eth0 enable-default-log
set interfaces ethernet eth0 firewall local name IN-eth0’

The following iptables command resolves the issue:
iptables -I INPUT -s -j ACCEPT

Why do the commands not work?

Dmitry · July 11, 2020, 4:41pm

Hello @alpha23,
Which VyOS version running?
I created a LAB and on 1.2.5 all works with the following rules:

set firewall name IN-eth0 default-action 'drop'
set firewall name IN-eth0 enable-default-log
set firewall name IN-eth0 rule 30 action 'accept'
set firewall name IN-eth0 rule 30 protocol 'all'
set firewall name IN-eth0 rule 30 source address '192.168.255.0/24'
set interfaces ethernet eth0 firewall local name 'IN-eth0'

I can reach the server with ip address 192.168.255.61 from some host from 192.168.255.0/24 network.

alpha23 · July 13, 2020, 2:40am

I’m using 1.3-rolling. I recreated the instance and it is working now. It may have been something that I set manually during testing.