VyOS - eitan-j/tech-journal GitHub Wiki
How to configure
configure
{commands}
commit
save
exit
Setup Commands
set system login user {name} authentication plaintext-password {password}
set system host-name {hostname}
to set system hostname
Network commands
delete interfaces ethernet {device} address {address}
to remove the address from ethernet device
set interfaces ethernet {device} description "{description}"
to give description to ethernet device
set interfaces ethernet {device} address {address}/{cidr}
to give IP address and netmask to ethernet device
set protocols static route 0.0.0.0/0 next-hop {gateway}
to set default gateway
set system name-server {name-server}
to set DNS server
NAT
set nat source rule {number} description "{description}"
set nat source rule {number} outbound-interface {device}
set nat source rule {number} source address {address}/{cidr}
set nat source rule {number} translation address masquerade
DNS Forwarding
set service dns forwarding listen-address {address}
set service dns forwarding allow-from {addressblock}/{cidr}
set service dns forwarding system
Enable RIP Routing
set protocols rip interface {interface}
set protocols rip network {addressblock}/{cidr}
Log to remote server
set system syslog host {logserverip} facility authpriv level info
Setup firewall
set firewall name {firewallname} default-action drop
set firewall name {firewallname} enable-default-log
set zone-policy zone {zone} interface {interface}
set zone-policy zone {zoneto} from {zonefrom} firewall name {firewallname}
Create firewall rule
set firewall name {firewallname} rule {rulenumber} action accept/reject/drop
set firewall name {firewallname} rule {rulenumber} description "{description}"
set firewall name {firewallname} rule {rulenumber} source/destination address {ipaddress}
set firewall name {firewallname} rule {rulenumber} destination port {port}
set firewall name {firewallname} rule {rulenumber} protocol {protocol}
Allow established connections
set firewall name {firewallname} rule 1 action accept
set firewall name {firewallname} rule 1 state established enable
Export commands
show configuration commands | grep -v "syslog global\|ntp\|login\|console\|config\|hw-id\|loopback\|conntrack"
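Added example (not part of the original wiki): a Python check that reads exported `show configuration commands` output and flags firewall rulesets that deviate from the setup above (default-action drop, enable-default-log, a rule accepting established connections), plus zone-policy entries naming a ruleset that does not exist. The ruleset and zone names in the sample are constructed, and the single quotes around values are assumed to match what the export prints.

```python
import shlex

# Constructed sample in the format printed by `show configuration commands`.
SAMPLE = """\
set firewall name LAN-to-WAN default-action 'drop'
set firewall name LAN-to-WAN enable-default-log
set firewall name LAN-to-WAN rule 1 action 'accept'
set firewall name LAN-to-WAN rule 1 state established 'enable'
set firewall name WAN-to-LAN default-action 'accept'
set firewall name WAN-to-LAN rule 10 action 'accept'
set firewall name WAN-to-LAN rule 10 destination port '22'
set zone-policy zone LAN from WAN firewall name 'WAN-to-LAN'
set zone-policy zone WAN from LAN firewall name 'LAN-to-WAN'
set zone-policy zone DMZ from WAN firewall name 'WAN-to-DMZ'
"""

def audit(commands):
    """Return findings for firewall rulesets that deviate from the page's setup."""
    rulesets, zone_refs, findings = {}, [], []
    for line in commands.splitlines():
        tok = shlex.split(line)  # also strips the quotes around values
        if tok[:3] == ["set", "firewall", "name"] and len(tok) >= 5:
            rs = rulesets.setdefault(tok[3], {"default": None, "log": False, "rules": {}})
            if tok[4] == "default-action" and len(tok) == 6:
                rs["default"] = tok[5]
            elif tok[4] == "enable-default-log":
                rs["log"] = True
            elif tok[4] == "rule" and len(tok) >= 8:
                # rule 1 state established enable -> {"state established": "enable"}
                rs["rules"].setdefault(tok[5], {})[" ".join(tok[6:-1])] = tok[-1]
        elif (tok[:3] == ["set", "zone-policy", "zone"] and len(tok) == 9
              and tok[4] == "from" and tok[6:8] == ["firewall", "name"]):
            zone_refs.append((tok[5], tok[3], tok[8]))  # (from zone, to zone, ruleset)
    for name, rs in sorted(rulesets.items()):
        if rs["default"] != "drop":  # an unset default-action is reported as None
            findings.append(f"{name}: default-action is {rs['default']}, expected drop")
        if not rs["log"]:
            findings.append(f"{name}: enable-default-log is not set")
        if not any(r.get("action") == "accept" and r.get("state established") == "enable"
                   for r in rs["rules"].values()):
            findings.append(f"{name}: no rule accepts established connections")
    for src, dst, name in zone_refs:
        if name not in rulesets:
            findings.append(f"zone {src} -> {dst}: ruleset {name} is not defined")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```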
Port forwarding
set nat destination rule {number} description "{description}"
set nat destination rule {number} destination port {inbound port}
set nat destination rule {number} inbound-interface {interface}
set nat destination rule {number} protocol {protocol}
set nat destination rule {number} translation address {forwarding address}
set nat destination rule {number} translation port {forwarding port}