4cb5623447f6e48fa5bee24a2c27cc4ab0b849d3
howto/vyos.md
| ... | ... | @@ -93,18 +93,13 @@ set protocols bgp 424242XXXX neighbor x.x.x.x address-family ipv4-unicast route- |
| 93 | 93 | ``` |
| 94 | 94 | |
| 95 | 95 | ###Example Firewall |
| 96 | -In this example our VyOS router has one upstream uplink on **eth0**, and two tunnels/peers on **wg1** and **wg2**. |
|
| 96 | +In this example our VyOS router has one upstream uplink on **eth0**, and two tunnels/peers on **wg1** and **wg2**. We have two access lists: one for transit connections and one for local connections from our peer (BGP). Notice on the transit access list we don't black hole **invalid** packets - logic behind this is explained [here](https://wiki.dn42/howto/networksettings.md). |
|
| 97 | 97 | |
| 98 | 98 | ####Interfaces |
| 99 | 99 | ```` |
| 100 | 100 | ethernet eth0 { |
| 101 | 101 | address 192.168.1.2/30 |
| 102 | 102 | description "Upstream/ISP" |
| 103 | - firewall { |
|
| 104 | - out { |
|
| 105 | - name To_Upstream_Network |
|
| 106 | - } |
|
| 107 | - } |
|
| 108 | 103 | hw-id 00:00:00:00:00:00 |
| 109 | 104 | } |
| 110 | 105 | wireguard wg1 { |
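Review bot: removing the `firewall { out { name To_Upstream_Network } }` block from `ethernet eth0` (old lines 103-107) detaches the outbound rule set from the upstream interface, so traffic leaving via eth0 is no longer filtered in this example; if the `To_Upstream_Network` rule set is also dropped further down the file, say so in the commit, and if it is kept, the new sentence at line 96 should explain why it is no longer applied, since it currently describes only the transit and local access lists. Two small things in that added sentence: "logic behind this is explained" should read "the logic behind this is explained", and the link target `https://wiki.dn42/howto/networksettings.md` ends in `.md`, so please confirm it resolves to the rendered wiki page rather than a raw file.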
| ... | ... | @@ -216,7 +211,7 @@ In this example our VyOS router has one upstream uplink on **eth0**, and two tun |
| 216 | 211 | } |
| 217 | 212 | rule 50 { |
| 218 | 213 | action accept |
| 219 | - description "Allow Peer Transit (DN42 Only)" |
|
| 214 | + description "Allow Peer Transit" |
|
| 220 | 215 | destination { |
| 221 | 216 | group { |
| 222 | 217 | network-group Allowed-Transit |
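Review bot: dropping "(DN42 Only)" from the rule 50 description removes the only statement of that rule's intended scope; the rule still does `action accept` for any destination in `network-group Allowed-Transit`, so its real scope is whatever that group contains, and this hunk does not show the group. If the group was widened beyond DN42 space, include that change in the same commit; if it was not, consider keeping a scope hint in the description, e.g. `description "Allow Peer Transit (Allowed-Transit group)"`, so readers copying the example know what the accept covers.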