Share Your VyOS Best Practices with the Community!

Hello VyOS Community Members!

We wanted to kick-start a conversation with you about best practices.

You know the VyOS network operating system can be used in many network setups. However, conjuring specific VyOS products for different use cases can take some effort, especially for newer users.

That’s why we encourage everyone to share their best practices for configuring specific VyOS products for different setups. Whether you’ve used VyOS to build complex network infrastructure, or any other networking use case, your insights and techniques could help others optimize for their needs.

By sharing your knowledge and experience with others, you’ll contribute to the growth and development of the VyOS community. You’ll also be able to connect with other users who share your interests and learn from their experiences.

Please reply to this post if you have valuable best practices to share about the topics below. Your insights and knowledge could help others benefits from this fantastic network operating system.

  • Configuring VyOS routers for specific network topologies.
  • Best practices for configuring VyOS firewalls for different use cases.
  • How to configure VyOS VPNs for different networking setups.
  • Best practices for configuring specific VyOS products for secure network environment.

Thank you for being a part of this fantastic community, and we look forward to hearing about your VyOS products best practices.

Warm regards,

This is a “Vyos as a home router” thing that I do myself which I consider good hygine. I’m open to feedback though!

I install the WaterByWind script and enable some blacklsits. This cuts down on the amount of spam/hack/SMTP attempts I see on my home network.

I hide most things behind Wireguard, but I run some public websites and my Home Assistant instance publically facing, having a blacklist of IPs cuts down on the logs and provides some protection against bad actors.

I’m running Vyos 1.3, I’m not sure if this script will work on 1.4 as I think that ipset has been removed from it.


@tjh Thank you for sharing your insights with us!