Zone policy between wireguard and VLAN

Trying to set a zone-based firewall between a wireguard interface wg0 and a VLAN interface boxen, the following command in configuration mode works fine:

vyos@vyos# compare
[edit zone-policy zone boxen]
+from wg0 {
+    firewall {
+        name wg0-boxen
+    }
+}
[edit]
vyos@vyos# commit
[[zone-policy zone boxen from wg0]] failed
Commit failed
[edit]

This is with sagitta rolling from Dec 26. Interfaces wg0 and boxen exist and have the right IP addresses. What am I missing?

Minimal and simple example:

# Define zones and attach interfaces to them
set zone-policy zone VLAN11 interface 'eth3.11'
set zone-policy zone WG1 interface 'wg1'

# Define zone to zone firewall names
set zone-policy zone VLAN11 from WG1 firewall name 'WG1-VLAN11'
set zone-policy zone WG1 from VLAN11 firewall name 'VLAN11-WG1'

# Define firewall rules:
set firewall name VLAN11-WG1 default-action 'accept'
set firewall name WG1-VLAN11 default-action 'accept'
# more rules could be added
## set firewall name WG1-VLAN11 rule 10...
## set firewall name WG1-VLAN11 rule 20...
## set firewall name WG1-VLAN11 rule 30...

## set firewall name VLAN11-WG1 rule 10...
## set firewall name VLAN11-WG1 rule 20...
## set firewall name VLAN11-WG1 rule 30...

For more info, look at this example.
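A small pre-commit lint for the mistake in the question, added here as an example (not VyOS code): it parses `set zone-policy ...` and `set firewall name ...` lines and flags a `from` that names something never defined as a zone, which is why `from wg0` (an interface, not a zone) failed to commit while the zone-to-zone form in the answer commits cleanly. Both configurations below are constructed for the example.

```python
import re

# Constructed: modelled on the question. "wg0" is an interface name used
# where a zone name is expected, and no zone contains wg0.
BROKEN_CONFIG = """
set zone-policy zone boxen interface 'eth3.11'
set zone-policy zone boxen from wg0 firewall name 'wg0-boxen'
set firewall name wg0-boxen default-action 'accept'
"""

# Constructed: the answer's pattern, every interface placed in a zone first.
FIXED_CONFIG = """
set zone-policy zone VLAN11 interface 'eth3.11'
set zone-policy zone WG1 interface 'wg1'
set zone-policy zone VLAN11 from WG1 firewall name 'WG1-VLAN11'
set zone-policy zone WG1 from VLAN11 firewall name 'VLAN11-WG1'
set firewall name VLAN11-WG1 default-action 'accept'
set firewall name WG1-VLAN11 default-action 'accept'
"""

ZONE_IF = re.compile(r"^set zone-policy zone (\S+) interface '?([^'\s]+)'?$")
ZONE_FROM = re.compile(
    r"^set zone-policy zone (\S+) from (\S+) firewall name '?([^'\s]+)'?$")
FW_NAME = re.compile(r"^set firewall name (\S+) ")


def lint_zone_policy(config: str) -> list:
    """Return the problems that would make 'commit' reject this zone-policy."""
    zones, rulesets, froms = {}, set(), []
    for line in config.splitlines():
        line = line.strip()
        if m := ZONE_IF.match(line):
            zones.setdefault(m[1], set()).add(m[2])   # zone -> its interfaces
        elif m := ZONE_FROM.match(line):
            froms.append((m[1], m[2], m[3]))          # (to-zone, from-zone, ruleset)
        elif m := FW_NAME.match(line):
            rulesets.add(m[1])
    problems = []
    for zone, src, ruleset in froms:
        if zone not in zones:
            problems.append(f"zone {zone} has a 'from' but no interface assigned")
        if src not in zones:
            problems.append(f"zone {zone}: 'from {src}' names no defined zone "
                            f"(is {src} an interface that still needs a zone?)")
        if ruleset not in rulesets:
            problems.append(f"zone {zone}: firewall name {ruleset} is not defined")
    return problems


if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN_CONFIG), ("fixed", FIXED_CONFIG)):
        print(label, lint_zone_policy(cfg) or "ok")
```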

I forgot to set set zone-policy zone WG1 interface 'wg1'. Thank you for catching it. Apologies for the newbie question.
