Hello,
I’m running VyOS 1.3 Community and have a few questions about setting up firewall rules for a specific configuration. What I’m attempting to achieve:
- Static IP for eth0 (I know how to do this)
- system wide default route using eth0 (I know how to do this)
- Static IP for eth1 (I know how to do this)
Need help with the following:
- Completely disable IPv6 on all interfaces
- Drop (not reject) all unsolicited inbound traffic coming in on eth0 (this is the “untrusted” network)
- Except for responding to broadcasts from the directly connected upstream router interface (that I want to be able to define), I need all other traffic to be dropped. I want this interface to be completely transparent on the network if interrogated from upstream networks using any standard techniques (except for the directly connected upstream router interface)
- Allow only icmp and tcp port 12345 in from eth1 and out eth0 - I need icmp response to come back into eth0 and routed through eth1 to the source host on the eth1 network
- tcp 12345 will not have any expected tcp SYN,ACK or ACK, or RST, or RST,ACK at all and should drop them at eth0
- all tcp frames with any flags coming back into eth0 should be dropped, regardless of the initiated outbound communications
- All inbound traffic (allowed or dropped) needs to be logged (if possible).
Can you help me with this configuration?
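As an added example (not from the poster), one way to express the requirements above as a VyOS 1.3 configuration; the rule-set names (OUTSIDE-IN, OUTSIDE-LOCAL, INSIDE-IN) and rule numbers are my own choices, and the `system ipv6 disable` line is the one to check against the 1.3 docs for your exact image, since that command changed in later releases.

```vyos
# Added example, not the poster's config. Rule-set names are arbitrary.

# 1. IPv6 off on every interface (delete any ipv6 address statements first).
set system ipv6 disable

# 2. Never answer ICMP echo (unicast or broadcast) sent to the router itself.
set firewall all-ping disable
set firewall broadcast-ping disable

# 3. Traffic entering eth0 to be forwarded: drop every TCP segment first,
#    whatever its flags and whatever conntrack thinks, then let only ICMP
#    that belongs to a flow started from eth1 through. Everything else
#    hits the default drop, and every rule logs.
set firewall name OUTSIDE-IN default-action drop
set firewall name OUTSIDE-IN enable-default-log
set firewall name OUTSIDE-IN rule 10 action drop
set firewall name OUTSIDE-IN rule 10 protocol tcp
set firewall name OUTSIDE-IN rule 10 log enable
set firewall name OUTSIDE-IN rule 20 action accept
set firewall name OUTSIDE-IN rule 20 protocol icmp
set firewall name OUTSIDE-IN rule 20 state established enable
set firewall name OUTSIDE-IN rule 20 state related enable
set firewall name OUTSIDE-IN rule 20 log enable

# 4. Traffic entering eth0 addressed to the router's own addresses: drop and log all.
set firewall name OUTSIDE-LOCAL default-action drop
set firewall name OUTSIDE-LOCAL enable-default-log

# 5. Traffic entering eth1 to be forwarded: only ICMP and TCP/12345 may leave.
set firewall name INSIDE-IN default-action drop
set firewall name INSIDE-IN enable-default-log
set firewall name INSIDE-IN rule 10 action accept
set firewall name INSIDE-IN rule 10 protocol icmp
set firewall name INSIDE-IN rule 10 log enable
set firewall name INSIDE-IN rule 20 action accept
set firewall name INSIDE-IN rule 20 protocol tcp
set firewall name INSIDE-IN rule 20 destination port 12345
set firewall name INSIDE-IN rule 20 log enable

# 6. Attach the rule sets to the interfaces.
set interfaces ethernet eth0 firewall in name OUTSIDE-IN
set interfaces ethernet eth0 firewall local name OUTSIDE-LOCAL
set interfaces ethernet eth1 firewall in name INSIDE-IN
```

ARP is not touched by these rules (the 1.3 firewall works at the IP layer), so the directly connected upstream router can still resolve eth0's address while every IP probe to it is dropped and logged; check `show log firewall` after `commit` to confirm the drops are being recorded.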