Network Firewalls - caitlinmallen/TechWiki GitHub Wiki

Network Firewalls

Zones

  • VyOS and many other firewalls, such as pfSense, can implement zone-based firewalls.
    • Each zone is tied to an Ethernet interface
  • Zones try to communicate with each other and can
    • Zone A -> B gets its own firewall rules
    • Zone B -> A gets its own firewall rules as well

Lab Technique

  • Start all firewall exercises with a default drop and log
  • Only open ports and protocols required for operation
  • Watch /var/log/messages to test the rules and monitor what is happening
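
An added example (not part of the original wiki) of the monitoring step: it tallies which flows are hitting each ruleset's default drop, so that only the ports the lab actually needs get opened. It assumes a log prefix of the form [ruleset-rule-action], as VyOS 1.3-style firewall logging writes it; the hostnames, interfaces and addresses in the sample lines are constructed.

```python
import re
from collections import Counter

# Assumption: each firewall log line carries a "[<ruleset>-<rule|default>-<A|D|R>]"
# prefix; the KEY=value fields after it are standard netfilter LOG output.
PREFIX = re.compile(r"\[(?P<ruleset>[\w.-]+)-(?P<rule>default|\d+)-(?P<action>[ADR])\]")
FIELD = re.compile(r"\b(IN|OUT|SRC|DST|PROTO|SPT|DPT)=(\S*)")

# Constructed sample lines, not captured from a real system.
SAMPLE_LOG = """\
Mar  3 10:15:01 fw01 kernel: [LAN-to-WAN-default-D] IN=eth1 OUT=eth0 SRC=10.0.5.20 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51514 DPT=443 SYN
Mar  3 10:15:02 fw01 kernel: [LAN-to-WAN-default-D] IN=eth1 OUT=eth0 SRC=10.0.5.21 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40022 DPT=443 SYN
Mar  3 10:15:03 fw01 kernel: [LAN-to-WAN-10-A] IN=eth1 OUT=eth0 SRC=10.0.5.20 DST=192.0.2.53 LEN=71 PROTO=UDP SPT=39211 DPT=53
Mar  3 10:15:04 fw01 kernel: [WAN-to-LAN-default-D] IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=10.0.5.20 LEN=44 PROTO=TCP SPT=60100 DPT=23 SYN
Mar  3 10:15:05 fw01 sshd[812]: Accepted publickey for admin from 10.0.5.2 port 50122
Mar  3 10:15:06 fw01 kernel: [LAN-to-WAN-default-D] IN=eth1 OUT=eth0 SRC=10.0.5.20 DST=192.0.2.1 LEN=84 PROTO=ICMP TYPE=8 CODE=0
"""


def parse_line(line):
    """Return a dict for a firewall log line, or None for unrelated syslog lines."""
    match = PREFIX.search(line)
    if not match:
        return None
    event = match.groupdict()
    event.update({key.lower(): value for key, value in FIELD.findall(line)})
    return event


def default_drops(log_text):
    """Count packets that fell through to a ruleset's default drop, keyed by
    (ruleset, in interface, out interface, protocol, destination port)."""
    hits = Counter()
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev and ev["rule"] == "default" and ev["action"] == "D":
            # ICMP and other portless protocols have no DPT field.
            key = (ev["ruleset"], ev.get("in", ""), ev.get("out", ""),
                   ev.get("proto", ""), ev.get("dpt", "-"))
            hits[key] += 1
    return hits


if __name__ == "__main__":
    for key, count in default_drops(SAMPLE_LOG).most_common():
        print(count, *key)
```

On the firewall itself, pass the contents of /var/log/messages to default_drops() in place of SAMPLE_LOG.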