I am continuing to work on switching from pfSense to VyOS for my home router and I think the last thing I need to sort out are the firewall rules.
I have the following zones:
- PRIVATE: contains the LAN and WAN modem admin interface
- PUBLIC: The Internet - contains the PPPoE interface
- DMZ: contains the DMZ interface for servers
- LOCAL: The firewall itself
I am running the router dual-stack (IPv6 and IPv4), which has resulted in a lot of configuration to write. In the end I wrote a little script to generate the VyOS commands, because there were so many commands / permutations to write.
This is all just ‘boilerplate’ before I write any extra rules.
I think the complexity is created by:
- All the different permutations of the 4 different zones talking to each other
- Having to write nearly everything twice (IPv4 and IPv6)
- Having to enable stateful firewall for each ruleset
Am I missing something? Is there a way this could be made shorter / simpler?
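For readers who want to see what the boilerplate described above looks like when generated, here is an added example generator (not the poster's script). It assumes VyOS 1.3 `zone-policy` syntax, uses constructed placeholder interface names, and follows the per-ruleset established/related approach the post describes.

```python
# Added example, not the poster's script. Assumes VyOS 1.3 zone-policy syntax;
# interface names are constructed placeholders.
from itertools import permutations

ZONES = {
    "PRIVATE": ["eth0", "eth1"],  # LAN + modem admin interface
    "PUBLIC": ["pppoe0"],         # Internet via PPPoE
    "DMZ": ["eth2"],              # servers
    "LOCAL": None,                # the router itself (local-zone, no interfaces)
}
# Address family -> (firewall keyword, ruleset name suffix)
FAMILIES = {"ipv4": ("name", ""), "ipv6": ("ipv6-name", "-6")}

def ruleset_name(src, dst, suffix):
    return f"{src}-{dst}{suffix}"

def ruleset_commands(src, dst):
    """Default-drop ruleset for src->dst traffic, written once per family,
    with the stateful established/related accept rule on every ruleset."""
    cmds = []
    for kw, suffix in FAMILIES.values():
        name = ruleset_name(src, dst, suffix)
        cmds += [
            f"set firewall {kw} {name} default-action drop",
            f"set firewall {kw} {name} rule 10 action accept",
            f"set firewall {kw} {name} rule 10 state established enable",
            f"set firewall {kw} {name} rule 10 state related enable",
        ]
    return cmds

def zone_commands(zones):
    """Bind interfaces (or local-zone) to each zone and drop unmatched flows."""
    cmds = []
    for zone, ifaces in zones.items():
        if ifaces is None:
            cmds.append(f"set zone-policy zone {zone} local-zone")
        else:
            cmds += [f"set zone-policy zone {zone} interface {i}" for i in ifaces]
        cmds.append(f"set zone-policy zone {zone} default-action drop")
    return cmds

def generate(zones):
    """All boilerplate: zones, then one ruleset and one binding per ordered pair."""
    cmds = zone_commands(zones)
    for src, dst in permutations(zones, 2):
        cmds += ruleset_commands(src, dst)
        for kw, suffix in FAMILIES.values():
            cmds.append(f"set zone-policy zone {dst} from {src} "
                        f"firewall {kw} {ruleset_name(src, dst, suffix)}")
    return cmds
```

Calling `print("\n".join(generate(ZONES)))` emits 129 `set` commands for the four zones (12 ordered zone pairs, each with an IPv4 and an IPv6 ruleset), which is the volume of boilerplate the post is describing.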