Creating firewalls and zones in VYOS

• The first step in creating a firewall on a router is to create a zone for each interface. This can be done using the command below:

• set zone-policy zone LAN interface eth0

• Now, we create the respective firewalls and set their default settings, then we set a zone-policy so they can communicate.

• set firewall name LAN-to-DMZ default-action drop | set firewall name LAN-to-DMZ enable-default-log

• set zone-policy zone LAN from DMZ firewall name DMZ-to-LAN

• Remember, we create a two firewalls between two interfaces using the first two commands, then we set two zone-policies using the third command, except one is the opposite of the other to enable zones back and forth. Now, we have created our firewalls between two interfaces, and we need look at what we have just done. The following commands are useful for viewing zones and the respective firewalls.

• show zones

• show firewall name LAN-to-DMZ