Hello, I am having a problem with VyOS and setting up a firewall zone on a sub-interface which is a VLAN.
I have created VLAN 500 and I am assigning DHCP. Clients can get to the internet with no problem. As soon as I apply the following firewall rule:
:: VLAN 500 IN
set firewall name VLAN-500-IN default-action 'drop'
set firewall name VLAN-500-IN rule 1000 action 'drop'
set firewall name VLAN-500-IN rule 1000 source group network-group 'BLACKLISTED'
set firewall name VLAN-500-IN rule 1001 action 'drop'
set firewall name VLAN-500-IN rule 1001 destination group network-group 'BLACKLISTED'
set firewall name VLAN-500-IN rule 1010 action 'accept'
set firewall name VLAN-500-IN rule 1010 state established 'enable'
set firewall name VLAN-500-IN rule 1010 state related 'enable'
set firewall name VLAN-500-IN rule 1011 action 'drop'
set firewall name VLAN-500-IN rule 1011 state invalid 'enable'
set firewall name VLAN-500-IN rule 9000 action 'accept'
set firewall name VLAN-500-IN rule 9000 source group network-group 'MANAGEMENT LAN'
set firewall name VLAN-500-IN rule 9000 state new 'enable'
I apply the rule against the sub-interface:
set interfaces ethernet eth4 vif 500 firewall in name 'VLAN-500-IN'
I am NATing out through eth0 to the internet.
Once I remove it I am able to access the internet. The rule somehow kills access to my gateway IP. Not sure what is wrong with my config. Any help appreciated.
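Added example (editor's, not part of the original post): the posted VLAN-500-IN ruleset with the group definitions the post does not show and one extra rule. In VyOS the `in` ruleset on an interface filters traffic that arrives on that interface and is forwarded by the router; with `default-action 'drop'`, the only rule that admits a new flow is 9000, and it matches only sources in the MANAGEMENT LAN group. Assuming the VLAN 500 clients are not members of that group, every new outbound connection from them falls through to the default drop. Rule 9010 below admits new flows from the VLAN 500 subnet. The subnets (10.50.0.0/24 for VLAN 500, 10.10.0.0/24 for management), the BLACKLISTED member 203.0.113.0/24 and the group name MANAGEMENT-LAN (written without a space) are assumptions for this example.

```text
# Added example, not the poster's configuration.
# ASSUMED addressing: VLAN 500 = 10.50.0.0/24, management LAN = 10.10.0.0/24,
# BLACKLISTED member = 203.0.113.0/24 (documentation prefix, placeholder only).
set firewall group network-group BLACKLISTED network '203.0.113.0/24'
set firewall group network-group MANAGEMENT-LAN network '10.10.0.0/24'
set firewall group network-group VLAN-500-LAN network '10.50.0.0/24'

# Ruleset for forwarded traffic entering eth4.500; anything not accepted below is dropped.
set firewall name VLAN-500-IN default-action 'drop'

# Block traffic to or from blacklisted networks before anything else.
set firewall name VLAN-500-IN rule 1000 action 'drop'
set firewall name VLAN-500-IN rule 1000 source group network-group 'BLACKLISTED'
set firewall name VLAN-500-IN rule 1001 action 'drop'
set firewall name VLAN-500-IN rule 1001 destination group network-group 'BLACKLISTED'

# Allow packets belonging to flows already in the connection-tracking table, drop invalid ones.
set firewall name VLAN-500-IN rule 1010 action 'accept'
set firewall name VLAN-500-IN rule 1010 state established 'enable'
set firewall name VLAN-500-IN rule 1010 state related 'enable'
set firewall name VLAN-500-IN rule 1011 action 'drop'
set firewall name VLAN-500-IN rule 1011 state invalid 'enable'

# New flows from the management LAN (as in the original post).
set firewall name VLAN-500-IN rule 9000 action 'accept'
set firewall name VLAN-500-IN rule 9000 source group network-group 'MANAGEMENT-LAN'
set firewall name VLAN-500-IN rule 9000 state new 'enable'

# ADDED: new flows from the VLAN 500 subnet itself. Without a rule like this,
# a client on VLAN 500 opening a connection to the internet is not matched by
# 9000 (it is not in MANAGEMENT-LAN) and is dropped by the default action.
set firewall name VLAN-500-IN rule 9010 action 'accept'
set firewall name VLAN-500-IN rule 9010 source group network-group 'VLAN-500-LAN'
set firewall name VLAN-500-IN rule 9010 state new 'enable'

# Attach the ruleset to the VLAN sub-interface in the inbound direction.
set interfaces ethernet eth4 vif 500 firewall in name 'VLAN-500-IN'
```

Two checks worth doing after commit: `show firewall name VLAN-500-IN statistics` shows per-rule packet counters, so a client that cannot reach the internet should show its packets landing on the default-action counter rather than on 9010. Separately, traffic addressed to the router's own address on eth4.500 (for example DHCP or ICMP to the gateway IP) is not filtered by the `in` ruleset but by a `local` ruleset, if one is attached to the interface; if the gateway IP itself becomes unreachable, look at what is bound under `firewall local` on that interface rather than at VLAN-500-IN.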