I think the broken link is to this article: Zone-based Firewall Guide : VyOS Support Portal
And I agree, for a blueprint it would be more helpful to have the config commands than the plain config. But the structure usually maps 1:1, so you can reconstruct the commands from a configuration. Also it looks like the example is outdated. Personally I started with VyOS 1.4 and never used the ZBF, just the standard one.
To configure the zone ruleset you can reference
- IPv4 Firewall Configuration — VyOS 1.5.x (circinus) documentation
- IPv6 Firewall Configuration — VyOS 1.5.x (circinus) documentation
(ignore the forward/input/output)
Typically you’d have either set global:
set firewall global-options state-policy established action accept
set firewall global-options state-policy related action accept
set firewall global-options state-policy invalid action drop
or per zone
set firewall ipv4 name mgmt4-to-wan4 default-action 'drop'
set firewall ipv4 name mgmt4-to-wan4 default-log
set firewall ipv4 name mgmt4-to-wan4 rule 1 action 'accept'
set firewall ipv4 name mgmt4-to-wan4 rule 1 state 'established'
set firewall ipv4 name mgmt4-to-wan4 rule 1 state 'related'
set firewall ipv4 name mgmt4-to-wan4 rule 2 action 'drop'
set firewall ipv4 name mgmt4-to-wan4 rule 2 state 'invalid'
Then to allow all traffic explicitly as you have it:
set firewall ipv4 name mgmt4-to-wan4 rule 10 action accept
And maybe this might be helpful for you: