6c1c77b337fad4fb7f895fbbc5bef4db2d51b25d
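--- a/howto/vyos.md
+++ b/howto/vyos.md
@@ -27,11 +27,11 @@ set firewall group network-group Allowed-Transit-v4 network '172.20.0.0/14'
 set firewall name Tunnels_In_v4 default-action 'drop'
 set firewall name Tunnels_In_v4 enable-default-log
 set firewall name Tunnels_In_v4 rule 68 action 'drop'
-set firewall name Tunnels_In_v4 rule 68 description 'Block Traffic to DN42 Space'
+set firewall name Tunnels_In_v4 rule 68 description 'Block Traffic to Operator Assigned IP Space'
 set firewall name Tunnels_In_v4 rule 68 source address '172.20.20.0/24'
 set firewall name Tunnels_In_v4 rule 68 log 'enable'
 set firewall name Tunnels_In_v4 rule 68 action 'drop'
-set firewall name Tunnels_In_v4 rule 69 description 'Block Traffic to DN42 Space'
+set firewall name Tunnels_In_v4 rule 69 description 'Block Traffic to Operator Assigned IP Space'
 set firewall name Tunnels_In_v4 rule 69 destination address '172.20.20.0/24'
 set firewall name Tunnels_In_v4 rule 69 log 'enable'
 set firewall name Tunnels_In_v4 rule 70 action 'accept'
@@ -39,17 +39,15 @@ set firewall name Tunnels_In_v4 rule 70 description 'Allow Peer Transit'
 set firewall name Tunnels_In_v4 rule 70 destination group network-group 'Allowed-Transit-v4'
 set firewall name Tunnels_In_v4 rule 70 source group network-group 'Allowed-Transit-v4'
 set firewall name Tunnels_In_v4 rule 70 log 'enable'
-set firewall name Tunnels_In_v4 rule 98 action 'drop'
-set firewall name Tunnels_In_v4 rule 98 description 'Black Hole'
-set firewall name Tunnels_In_v4 rule 98 destination address '0.0.0.0/0'
-set firewall name Tunnels_In_v4 rule 98 log 'enable'
 set firewall name Tunnels_In_v4 rule 99 action 'drop'
 set firewall name Tunnels_In_v4 rule 99 description 'Black Hole'
 set firewall name Tunnels_In_v4 rule 99 log 'enable'
-set firewall name Tunnels_In_v4 rule 99 source address '0.0.0.0/0'
 
 #Local Connections
 set firewall name Tunnels_Local_v4 default-action 'drop'
+set firewall name Tunnels_Local_v4 rule 50 action 'accept'
+set firewall name Tunnels_Local_v4 rule 50 icmp
+set firewall name Tunnels_Local_v4 rule 50 protocol 'icmp'
 set firewall name Tunnels_Local_v4 rule 61 action 'accept'
 set firewall name Tunnels_Local_v4 rule 61 description 'Allow BGP'
 set firewall name Tunnels_Local_v4 rule 61 destination port '179'
@@ -57,11 +55,10 @@ set firewall name Tunnels_Local_v4 rule 61 protocol 'tcp'
 set firewall name Tunnels_Local_v4 rule 98 action 'drop'
 set firewall name Tunnels_Local_v4 rule 98 description 'Black Hole'
 set firewall name Tunnels_Local_v4 rule 98 log 'enable'
-set firewall name Tunnels_Local_v4 rule 98 destination address '0.0.0.0/0'
+set firewall name Tunnels_Local_v4 rule 98 state invalid 'enable'
 set firewall name Tunnels_Local_v4 rule 99 action 'drop'
 set firewall name Tunnels_Local_v4 rule 99 description 'Black Hole'
 set firewall name Tunnels_Local_v4 rule 99 log 'enable'
-set firewall name Tunnels_Local_v4 rule 99 source address '0.0.0.0/0'
 ```
 
 ## Wireguard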