VyOS is an open source network operating system (NOS). It is installed on routers and can be used to configure routing protocols, firewalls, DHCP, NAT, etc.
Default Credentials
Username: vyos
Password: vyos
Command Line
The command line structure is very similar to the Cisco CLI.
Configure, Commit, Save, Exit
To make any changes to the system, the configure command must be used to enter configuration mode.
After the configuration has been entered, the commit command must be used to apply the change to the current running configuration.
To make the configuration change permanent so that it survives a reboot, the save command must be used.
Finally, once all configuration is complete, use the exit command to leave configuration mode.
List of Commands
Hostname
set system host-name [name] - Changes the hostname of the device to [name]
User Accounts
set system login user [username] - Creates a new user account with the name [username]
set system login user [username] authentication plaintext-password [password] - Changes the password for the user named [username] to [password]
set system login user [username] disable - Locks the account named [username]
Address & Interfaces
show interfaces - Prints all the current interfaces on the device
delete interfaces ethernet [eth#] address dhcp - Removes DHCP addressing from the given Ethernet Interface
set interfaces ethernet [eth#] description [description] - Sets the description for the given Ethernet Interface
set interfaces ethernet [eth#] address [ip-address/mask] - Sets the IP address and subnet mask for the given Ethernet Interface
Routing
Static Routing
set protocols static route [ip-address/mask] next-hop [hop-ip-address] - Creates a static route that forwards traffic for [ip-address/mask] to [hop-ip-address]
0.0.0.0/0 - Matches all traffic (used for a default route)
RIP
set protocols rip interface [eth#] - Enables RIP on the given Interface
set protocols rip network [network-address/mask] - Advertises the given network on the Interface enabled above
NAT
Forwarding
set nat source rule 10 description "[Description]" - Changes the description for NAT rule 10 (Address Forwarding)
set nat source rule 10 outbound-interface [interface] - Assigns the given interface as the outbound interface on which traffic leaving the network is translated by the NAT rule
set nat source rule 10 source address [network-address/mask] - Assigns the given network address to be translated by the NAT rule
set nat source rule 10 translation address masquerade - Sets the NAT rule to masquerade, which hides the private IP addresses from the public network
DNS
set system name-server [dns-ip-address] - Sets the default DNS server for the device to be [dns-ip-address].
Forwarding
set service dns forwarding listen-address [ip-address] - Assigns the given IP address as the address the DNS forwarder listens on
set service dns forwarding allow-from [network-address/mask] - Allows the given network to send recursive DNS queries to the forwarder
set service dns forwarding system - Forwards all DNS queries to the address configured under name-server
Zones
Creating Zones
set zone-policy zone [zone] interface [eth#]
Creating Firewall
set firewall name [name] default-action drop
set firewall name [name] enable-default-log
Applying Firewall to Zone
set zone-policy zone [zone] firewall name [firewall name]
Rules
Outbound Traffic
set firewall name [name] rule [#] action accept
set firewall name [name] rule [#] description "[Description here]"
set firewall name [name] rule [#] destination address [ip-address]
set firewall name [name] rule [#] destination port [#]
set firewall name [name] rule [#] protocol [tcp/udp]
Inbound Traffic
Allow Established Traffic
set firewall name [name] rule [#] action accept
set firewall name [name] rule [#] state established enable
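The commands listed above, from the configure / commit / save / exit workflow through the interface, static route, NAT, DNS forwarding, zone and firewall rule sections, assembled into one session. This is an added example, not from the original notes, written in Python so that every address is validated with the ipaddress module before it is emitted: a malformed address raises ValueError here instead of failing at commit. It builds a small LAN/WAN edge configuration (two interfaces, a default route, source NAT masquerade, a DNS forwarder that listens on the LAN side only, and two default-drop firewall rulesets attached to zones). The interface names and addresses are constructed; the zone-policy lines use the "from" clause of VyOS 1.2/1.3 zone syntax, and the "state related enable" option and the "80,443" port list are assumed to be accepted by the target version.

```python
"""Build a VyOS configuration session for a small LAN/WAN edge router.

Added example, not part of the original notes. Every address is checked with
the ipaddress module before a command is emitted, so a typo fails here instead
of at commit. Topology values are constructed; the zone-policy 'from' form is
the VyOS 1.2/1.3 syntax and is assumed to match the target version.
"""
import ipaddress
from typing import Dict, List


def net(value: str) -> str:
    """Network in CIDR form; strict=True rejects host bits set, e.g. 192.168.10.5/24."""
    return str(ipaddress.ip_network(value, strict=True))


def host(value: str) -> str:
    """Bare host address with no prefix."""
    return str(ipaddress.ip_address(value))


# Constructed sample topology (RFC 1918 LAN, RFC 5737 documentation range for the WAN).
TOPOLOGY: Dict[str, str] = {
    "lan_if": "eth0",
    "wan_if": "eth1",
    "lan_addr": "192.168.10.1/24",
    "wan_addr": "203.0.113.2/30",
    "wan_gateway": "203.0.113.1",
    "upstream_dns": "9.9.9.9",
}


def edge_router_commands(t: Dict[str, str]) -> List[str]:
    """Return the config-mode 'set' commands for the topology, in apply order."""
    lan_if, wan_if = t["lan_if"], t["wan_if"]
    lan = ipaddress.ip_interface(t["lan_addr"])          # raises ValueError on junk
    lan_addr, lan_ip, lan_net = str(lan), str(lan.ip), str(lan.network)
    wan_addr = str(ipaddress.ip_interface(t["wan_addr"]))
    gateway = host(t["wan_gateway"])
    dns = host(t["upstream_dns"])
    return [
        # Address & Interfaces
        f"set interfaces ethernet {lan_if} description 'LAN'",
        f"set interfaces ethernet {lan_if} address {lan_addr}",
        f"set interfaces ethernet {wan_if} description 'WAN'",
        f"set interfaces ethernet {wan_if} address {wan_addr}",
        # Static Routing: 0.0.0.0/0 matches all traffic, i.e. the default route
        f"set protocols static route {net('0.0.0.0/0')} next-hop {gateway}",
        # NAT: masquerade the LAN behind the WAN interface address
        "set nat source rule 10 description 'LAN masquerade'",
        f"set nat source rule 10 outbound-interface {wan_if}",
        f"set nat source rule 10 source address {lan_net}",
        "set nat source rule 10 translation address masquerade",
        # DNS: forwarder listens on the LAN address and answers only the LAN
        f"set system name-server {dns}",
        f"set service dns forwarding listen-address {lan_ip}",
        f"set service dns forwarding allow-from {lan_net}",
        "set service dns forwarding system",
        # Firewall rulesets: default drop, log what the default drops
        "set firewall name WAN-TO-LAN default-action drop",
        "set firewall name WAN-TO-LAN enable-default-log",
        "set firewall name WAN-TO-LAN rule 10 action accept",
        "set firewall name WAN-TO-LAN rule 10 description 'Return traffic'",
        "set firewall name WAN-TO-LAN rule 10 state established enable",
        "set firewall name WAN-TO-LAN rule 10 state related enable",
        "set firewall name LAN-TO-WAN default-action drop",
        "set firewall name LAN-TO-WAN enable-default-log",
        "set firewall name LAN-TO-WAN rule 10 action accept",
        "set firewall name LAN-TO-WAN rule 10 description 'Web'",
        "set firewall name LAN-TO-WAN rule 10 protocol tcp",
        "set firewall name LAN-TO-WAN rule 10 destination port 80,443",
        # Zones: bind interfaces, then attach each ruleset in its direction
        f"set zone-policy zone LAN interface {lan_if}",
        f"set zone-policy zone WAN interface {wan_if}",
        "set zone-policy zone LAN from WAN firewall name WAN-TO-LAN",
        "set zone-policy zone WAN from LAN firewall name LAN-TO-WAN",
    ]


def session_script(cmds: List[str]) -> str:
    """Wrap the commands in the configure / commit / save / exit workflow."""
    return "\n".join(["configure", *cmds, "commit", "save", "exit"]) + "\n"


if __name__ == "__main__":
    print(session_script(edge_router_commands(TOPOLOGY)), end="")
```

Run the script and paste its output into an SSH session on the router; because commit is only reached after every address has been validated, nothing half-formed is applied.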
Exporting Configuration
show configuration commands | grep -v "syslog global\|ntp\|login\|console\|config\|hw-id\|loopback\|conntrack" >> [filename]
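The export filter above, applied to a constructed sample of show configuration commands output so that it is clear which lines the exclusion list removes. This is an added example and not from the original notes; the grep -v pattern is re-expressed as a Python regular expression (grep's backslash-pipe alternation becomes a plain pipe), and the sample lines, including the password hash placeholder, are made up.

```python
"""Apply the export filter from the notes to sample output.

Added example, not part of the original notes. The grep -v word list is kept
as-is; the sample below is constructed, not captured from a real device.
"""
import re
from typing import List, Tuple

# Same exclusion words as the grep -v pattern above.
EXCLUDE = re.compile(r"syslog global|ntp|login|console|config|hw-id|loopback|conntrack")

# Constructed sample of `show configuration commands` output; the hash is a placeholder.
SAMPLE = """\
set interfaces ethernet eth0 address '192.168.10.1/24'
set interfaces ethernet eth0 hw-id '52:54:00:12:34:56'
set interfaces loopback lo
set nat source rule 10 translation address 'masquerade'
set protocols static route 0.0.0.0/0 next-hop '203.0.113.1'
set service ntp server '0.pool.ntp.org'
set system config-management commit-revisions '100'
set system console device ttyS0 speed '115200'
set system login user vyos authentication encrypted-password '$6$PLACEHOLDERHASH'
set system syslog global facility all level 'info'
"""


def split_export(text: str) -> Tuple[List[str], List[str]]:
    """Return (kept, dropped); kept is what grep -v would write to [filename]."""
    kept: List[str] = []
    dropped: List[str] = []
    for line in text.splitlines():
        if not line:
            continue
        (dropped if EXCLUDE.search(line) else kept).append(line)
    return kept, dropped


def write_export(text: str, path: str) -> int:
    """Write the kept lines to path, overwriting (unlike >>, which appends); return the count."""
    kept, _ = split_export(text)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write("\n".join(kept) + "\n")
    return len(kept)


if __name__ == "__main__":
    kept_lines, dropped_lines = split_export(SAMPLE)
    print("kept:")
    for line in kept_lines:
        print("  " + line)
    print("dropped:")
    for line in dropped_lines:
        print("  " + line)
```

Two points worth knowing before relying on the filter: the words are matched anywhere in the line, so "login" also removes user accounts together with their password hashes and "config" matches config-management, which, along with hw-id, keeps credentials and device-specific state out of the exported file; and because the original uses >> the file grows on every run, so use > (as write_export does) when a fresh export is wanted.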