I have a case with an unusually bogus ISP: its gateway can be pinged from another ISP's IP. So my failover script doesn’t work because the ping goes through no matter what.
“ping -I eth0 ip.x.x.x” does NOT work on VyOS for whatever reason; ping doesn’t accept arguments like on other distros.
How can I disable ping from VyOS itself from eth1 to the gateway of this ISP only?
The bogus ISP link is connected to eth0.
I tried an addition to the zone-based firewall, yet it didn’t work.
set zone-policy zone ZONE-WAN interface eth0
set zone-policy zone ZONE-WAN interface eth1
set zone-policy zone ZONE-DMZ interface eth2
set zone-policy zone ZONE-INT interface eth3
--------
set zone-policy zone ZONE-ROUTER-LOCAL local-zone
set zone-policy zone ZONE-ROUTER-LOCAL default-action drop
--------
set zone-policy zone ZONE-ROUTER-LOCAL from ZONE-WAN firewall name FW-RT-2LOC-SSH
-------
set firewall name FW-RT-2LOC-SSH rule 168 action drop
set firewall name FW-RT-2LOC-SSH rule 168 protocol icmp
set firewall name FW-RT-2LOC-SSH rule 168 destination address bugus.isp.gw.ip
set firewall name FW-RT-2LOC-SSH rule 168 source address isp2.wan.ip.xx
Thanks in advance for any suggestion(s).