I’m sorry, I’ve only been using VyOS for a few days and I don’t yet know all its subtleties. And the answer to your question also interests me and ties in with my other post on “Group geoip countries”.
I wonder if with the current way of working you wouldn’t be obliged to create a rule for each country and for each of your accepted rules as long as it isn’t possible to create groups of countries.
For example:
rule 600 {
    action accept
    source {
        geoip {
            country-code ch
        }
    }
    destination {
        group {
            port-group gaming-ports
        }
    }
    protocol tcp_udp
}
And perhaps you could create a group of your existing port groups to limit the number of rules?
set firewall group port-group all_ports_group include rp-ports
set firewall group port-group all_ports_group include mail-ports
set firewall group port-group all_ports_group include gaming-ports
Maybe there’s something more practical, maybe an expert can correct me.
Have a nice day and sorry if my English is sometimes a bit… weird.