New to VyOS 1.3 Community. Need help with a specific configuration from the experts


I’m running VyOS 1.3 Community and have a few questions about setting up firewall rules for a specific configuration. What I’m attempting to achieve:

  • Static IP for eth0 (I know how to do this)
  • System-wide default route using eth0 (I know how to do this)
  • Static IP for eth1 (I know how to do this)

Need help with the following:

  • Completely disable IPv6 on all interfaces

  • Drop (not reject) all unsolicited inbound traffic coming in on eth0 (this is the “untrusted” network)

    • Except for responding to broadcasts from the directly connected upstream router interface (that I want to be able to define), I need all other traffic to be dropped. I want this
      interface to be completely transparent on the network if interrogated from upstream networks using any standard techniques (except for the directly connected upstream router interface)
  • Allow only ICMP and TCP port 12345 in from eth1 and out eth0 - I need the ICMP response to come back into eth0 and be routed through eth1 to the source host on the eth1 network

    • TCP 12345 will not have any expected TCP SYN,ACK or ACK, or RST, or RST,ACK at all and should drop them at eth0
    • All TCP frames with any flags coming back into eth0 should be dropped, regardless of the initiated outbound communications
  • All inbound traffic (allowed or dropped) needs to be logged (if possible).

Can you help me with this configuration?
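
One way to express the requirements listed above in VyOS 1.3 configuration-mode commands, as an added example that is not part of the original post. The ruleset names and the upstream router address 192.0.2.1 are placeholders, and treating the upstream-router exception as "accept IP traffic from that address to the router itself" is an assumption.

```vyos
# Added example, not from the original post. Ruleset names and 192.0.2.1
# (upstream router, documentation address) are placeholders.

# IPv6 off on all interfaces (VyOS 1.3 syntax)
set system ipv6 disable

# eth0 -> router itself: drop and log everything except the upstream router
set firewall name WAN-LOCAL default-action 'drop'
set firewall name WAN-LOCAL enable-default-log
set firewall name WAN-LOCAL rule 10 action 'accept'
set firewall name WAN-LOCAL rule 10 source address '192.0.2.1'
set firewall name WAN-LOCAL rule 10 log 'enable'

# eth0 -> eth1 (forwarded): only ICMP replies to flows started from eth1.
# There is no TCP rule, so SYN,ACK / ACK / RST coming back hit the default drop.
set firewall name WAN-IN default-action 'drop'
set firewall name WAN-IN enable-default-log
set firewall name WAN-IN rule 10 action 'accept'
set firewall name WAN-IN rule 10 protocol 'icmp'
set firewall name WAN-IN rule 10 state established 'enable'
set firewall name WAN-IN rule 10 log 'enable'

# eth1 -> eth0 (forwarded): ICMP and TCP/12345 only, everything else dropped
set firewall name LAN-IN default-action 'drop'
set firewall name LAN-IN enable-default-log
set firewall name LAN-IN rule 10 action 'accept'
set firewall name LAN-IN rule 10 protocol 'icmp'
set firewall name LAN-IN rule 10 log 'enable'
set firewall name LAN-IN rule 20 action 'accept'
set firewall name LAN-IN rule 20 protocol 'tcp'
set firewall name LAN-IN rule 20 destination port '12345'
set firewall name LAN-IN rule 20 log 'enable'

# Bind the rulesets to the interfaces
set interfaces ethernet eth0 firewall local name 'WAN-LOCAL'
set interfaces ethernet eth0 firewall in name 'WAN-IN'
set interfaces ethernet eth1 firewall in name 'LAN-IN'
```

ARP is not processed by these rulesets, so rule 10 in WAN-LOCAL only governs IP traffic from the upstream router. `enable-default-log` logs packets that hit the default drop, and `log 'enable'` logs the accepted ones.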