Creating and editing Firewall Rules - jwells24/Tech-Journal GitHub Wiki

Creating and editing Firewall Rules on VYOS

Rules about the rules

  • We can only start setting rules once we have created the firewalls that sit between two interfaces. Once that is done, we can start creating rules such as rule 10, rule 20, and so on. Rules are evaluated in number order, so we need to leave space to add rules in between, and put general rules at the top.

The commands

  • Now that we have created our respective firewalls, we need to set rules so traffic can pass between them. The following commands create and edit rules. Taken in order, they build one rule that allows hosts on one interface to reach a computer's HTTP server on the other.

  • set firewall name LAN-to-DMZ rule 10 action accept

  • This command sets the rule's action to accept, so any traffic matching the rule is allowed through.

  • set firewall name LAN-to-DMZ rule 10 destination address 192.168.1.10

  • This command sets the destination address the rule matches on.

  • set firewall name LAN-to-DMZ rule 10 destination port 80

  • This command sets the destination port the rule matches on.

  • set firewall name LAN-to-DMZ rule 10 protocol tcp

  • This command sets the protocol the rule matches on.

  • set firewall name LAN-to-DMZ rule 10 description "Allow HTTP access to web01 from LAN"

  • This command sets the description of the rule.

  • This next command allows traffic belonging to already established connections back through the firewall, so that a TCP connection opened from one side can receive its replies from the other. Make sure the rule's action has already been set to accept, then add this command for it to work.

  • set firewall name DMZ-to-LAN rule 1 state established enable

  • These commands can be used to set a myriad of different rules; by swapping in other protocols, addresses and ports you can build a wide range of rules from these six commands.
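To see what the numbering and the established-state rule actually do, here is an added example that is not part of the wiki page and not VyOS code: a small Python model that parses the page's `set firewall name ... rule N ...` commands and evaluates sample packets the way VyOS does, in ascending rule number with the first match deciding. The `default-action drop` lines, the `rule 1 action accept` line for DMZ-to-LAN (which the page says to set but does not show), the blocking `rule 5`, the LAN address `10.0.0.5` and the sample packets are all constructed for the demonstration.

```python
"""Toy evaluator for VyOS-style firewall rule commands.

Added example, not from the original wiki and not VyOS source. It models
only the matchers the page uses: action, protocol, destination address,
destination port and 'state established'.
"""
import shlex
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Rule:
    number: int
    action: Optional[str] = None
    description: str = ""
    protocol: Optional[str] = None
    dst_addr: Optional[str] = None
    dst_port: Optional[int] = None
    state_established: bool = False


@dataclass
class Ruleset:
    name: str
    default_action: str = "drop"      # applied when no rule matches
    rules: Dict[int, Rule] = field(default_factory=dict)


def parse_set_commands(lines: List[str]) -> Dict[str, Ruleset]:
    """Parse 'set firewall name <NAME> ...' commands into rulesets keyed by name."""
    rulesets: Dict[str, Ruleset] = {}
    for line in lines:
        tokens = shlex.split(line)            # shlex keeps the quoted description as one token
        if tokens[:3] != ["set", "firewall", "name"]:
            continue
        rs = rulesets.setdefault(tokens[3], Ruleset(tokens[3]))
        rest = tokens[4:]
        if rest[:1] == ["default-action"]:
            rs.default_action = rest[1]
            continue
        if rest[:1] != ["rule"]:
            raise ValueError(f"unsupported command: {line}")
        rule = rs.rules.setdefault(int(rest[1]), Rule(int(rest[1])))
        key = rest[2:]
        if key[0] == "action":
            rule.action = key[1]
        elif key[0] == "description":
            rule.description = key[1]
        elif key[0] == "protocol":
            rule.protocol = key[1]
        elif key[:2] == ["destination", "address"]:
            rule.dst_addr = key[2]
        elif key[:2] == ["destination", "port"]:
            rule.dst_port = int(key[2])
        elif key[:3] == ["state", "established", "enable"]:
            rule.state_established = True
        else:
            raise ValueError(f"unsupported command: {line}")
    return rulesets


def matches(rule: Rule, pkt: dict) -> bool:
    """Every matcher set on the rule must agree with the packet."""
    if rule.protocol and pkt.get("protocol") != rule.protocol:
        return False
    if rule.dst_addr and pkt.get("dst_addr") != rule.dst_addr:
        return False
    if rule.dst_port is not None and pkt.get("dst_port") != rule.dst_port:
        return False
    if rule.state_established and not pkt.get("established", False):
        return False
    return True


def evaluate(rs: Ruleset, pkt: dict) -> Tuple[str, Optional[int]]:
    """Walk rules in ascending number order; first match wins, else default action."""
    for num in sorted(rs.rules):
        rule = rs.rules[num]
        if rule.action is None:           # VyOS refuses to commit a rule with no action
            raise ValueError(f"rule {num} in {rs.name} has no action")
        if matches(rule, pkt):
            return rule.action, num
    return rs.default_action, None


# The six commands from the page, plus constructed default-action and rule 1 action lines.
CONFIG = [
    "set firewall name LAN-to-DMZ default-action drop",
    "set firewall name LAN-to-DMZ rule 10 action accept",
    "set firewall name LAN-to-DMZ rule 10 destination address 192.168.1.10",
    "set firewall name LAN-to-DMZ rule 10 destination port 80",
    "set firewall name LAN-to-DMZ rule 10 protocol tcp",
    'set firewall name LAN-to-DMZ rule 10 description "Allow HTTP access to web01 from LAN"',
    "set firewall name DMZ-to-LAN default-action drop",
    "set firewall name DMZ-to-LAN rule 1 action accept",
    "set firewall name DMZ-to-LAN rule 1 state established enable",
]

# Constructed: a lower-numbered drop rule that is evaluated before rule 10.
RULE5_BLOCK = [
    "set firewall name LAN-to-DMZ rule 5 action drop",
    "set firewall name LAN-to-DMZ rule 5 destination address 192.168.1.10",
]


def demo() -> Dict[str, Tuple[str, Optional[int]]]:
    rs = parse_set_commands(CONFIG)
    rs_blocked = parse_set_commands(CONFIG + RULE5_BLOCK)
    http = {"protocol": "tcp", "dst_addr": "192.168.1.10", "dst_port": 80}
    ssh = {"protocol": "tcp", "dst_addr": "192.168.1.10", "dst_port": 22}
    reply = {"protocol": "tcp", "dst_addr": "10.0.0.5", "dst_port": 50000, "established": True}
    new_from_dmz = {"protocol": "tcp", "dst_addr": "10.0.0.5", "dst_port": 445}
    return {
        "http_to_web01": evaluate(rs["LAN-to-DMZ"], http),          # ("accept", 10)
        "ssh_to_web01": evaluate(rs["LAN-to-DMZ"], ssh),            # ("drop", None)
        "http_reply_to_lan": evaluate(rs["DMZ-to-LAN"], reply),     # ("accept", 1)
        "new_conn_from_dmz": evaluate(rs["DMZ-to-LAN"], new_from_dmz),  # ("drop", None)
        "http_with_rule5": evaluate(rs_blocked["LAN-to-DMZ"], http),    # ("drop", 5)
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The last case is the reason the page tells you to leave gaps in the numbering: a rule 5 inserted later is checked before rule 10 and wins, so where a rule lands in the sequence decides its effect. The `new_conn_from_dmz` case shows why the established-state matcher is safe to pair with `action accept`: a fresh connection from the DMZ carries no established state, never matches rule 1, and falls through to the default drop.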