Setting firewall group objects

I am trying to set a firewall group with VyOS and I do not have a static IP from my ISP. I get a DHCP address. I am not sure of the syntax.

Here is the example syntax: set firewall group network-group NET-WAN network '197.51.100.0/24'
The "197.51.100.0/24" would be the random DHCP address. How would I enter it in? Thank you in advance for the help.

Hello, @adelagarde!
Yes, you are using the right syntax to set up a network group. As I understand it, you want to set up firewall rules that describe traffic to/from your router? You can do this in this manner if you exactly know whole ISP network space. An alternative way is to use firewall local-zone.

Hello zsdc,

Thank you for the fast reply. Yes, I have a local rule established as well. I am confused by your statement "You can do this in this manner if you exactly know whole ISP network space". Sorry, I do not understand. Could you please clarify? Thank you! :wink:

@zsdc to be clear, all I want to do is kill inter-VLAN traffic. Hosts within the VLAN should not communicate with other hosts on another VLAN.

Hi, @adelagarde!
This is a very simple task. For example, you have eth1.100 with address 192.168.100.1/24 and eth1.200 with 192.168.200.1/24:

set firewall group network-group LOCAL_VLANS network 192.168.100.0/24
set firewall group network-group LOCAL_VLANS network 192.168.200.0/24
set firewall name BLOCK_INTERVLAN default-action accept
set firewall name BLOCK_INTERVLAN rule 10 action drop
set firewall name BLOCK_INTERVLAN rule 10 destination group network-group LOCAL_VLANS
set interfaces ethernet eth1 vif 100 firewall in name BLOCK_INTERVLAN
set interfaces ethernet eth1 vif 200 firewall in name BLOCK_INTERVLAN

That’s all.
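
An added example, not part of the thread or of VyOS itself: a small Python model that parses the firewall commands from the answer above and evaluates a forwarded packet's destination against BLOCK_INTERVLAN, to check that other-VLAN destinations are dropped while everything else is accepted. It models only the destination network-group match and the default action (assumed to be drop when a ruleset sets none); the sample destination addresses are constructed.

```python
import ipaddress
import shlex

# Firewall commands copied from the answer above.
CONFIG = """
set firewall group network-group LOCAL_VLANS network 192.168.100.0/24
set firewall group network-group LOCAL_VLANS network 192.168.200.0/24
set firewall name BLOCK_INTERVLAN default-action accept
set firewall name BLOCK_INTERVLAN rule 10 action drop
set firewall name BLOCK_INTERVLAN rule 10 destination group network-group LOCAL_VLANS
"""

def parse(config):
    """Return (groups, rulesets) built from 'set firewall ...' lines."""
    groups, rulesets = {}, {}
    for line in config.strip().splitlines():
        t = shlex.split(line)
        if t[:4] == ["set", "firewall", "group", "network-group"] and t[5] == "network":
            groups.setdefault(t[4], []).append(ipaddress.ip_network(t[6]))
        elif t[:3] == ["set", "firewall", "name"]:
            # Assumption: a ruleset with no default-action drops.
            rs = rulesets.setdefault(t[3], {"default": "drop", "rules": {}})
            if t[4] == "default-action":
                rs["default"] = t[5]
            elif t[4] == "rule":
                rule = rs["rules"].setdefault(int(t[5]), {})
                if t[6] == "action":
                    rule["action"] = t[7]
                elif t[6:9] == ["destination", "group", "network-group"]:
                    rule["dst_group"] = t[9]
    return groups, rulesets

def verdict(groups, ruleset, dst):
    """Action for a forwarded packet to dst: first matching rule wins."""
    dst = ipaddress.ip_address(dst)
    for num in sorted(ruleset["rules"]):
        rule = ruleset["rules"][num]
        if "dst_group" not in rule or any(
            dst in net for net in groups.get(rule["dst_group"], [])
        ):
            return rule["action"]
    return ruleset["default"]

GROUPS, RULESETS = parse(CONFIG)

if __name__ == "__main__":
    # Constructed destinations: other VLAN, own VLAN range, outside address.
    for dst in ("192.168.200.50", "192.168.100.20", "203.0.113.10"):
        print(dst, verdict(GROUPS, RULESETS["BLOCK_INTERVLAN"], dst))
```

The `in` ruleset only sees packets the router forwards; traffic addressed to the router itself is handled by a `local` ruleset and is outside this model.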