Network Firewalls 1 - nicolas-tullio/Tech-Journal GitHub Wiki

Updating VyOS

VyOS documentation for updating VyOS here: https://docs.vyos.io

Configuring RIP

  • set protocols rip interface [INTERFACE]
  • set protocols rip network [NETWORK ID/MASK]

Firewall Zones creation

Create and link firewall zones to interfaces

  • set zone-policy zone [ZONE NAME] interface [INTERFACE]

Create firewalls for links, with a default drop

  • set firewall name [FW NAME] default-action drop

Enable logging

  • set firewall name [FW NAME] enable-default-log

Assign firewall to zone (the ruleset filters traffic entering [ZONE] that comes from [FROM ZONE]; each direction needs its own ruleset)

  • set zone-policy zone [ZONE] from [FROM ZONE] firewall name [FW NAME]

To monitor firewall logs: tail -f /var/log/messages | grep [INTERFACE]

Firewall Rule creation

Create firewall rules:

  • set firewall name [FW NAME] rule [RULE NUMBER] action accept
  • set firewall name [FW NAME] rule [RULE NUMBER] description "description"
  • set firewall name [FW NAME] rule [RULE NUMBER] destination address [IP]
  • set firewall name [FW NAME] rule [RULE NUMBER] destination port [PORT]
  • set firewall name [FW NAME] rule [RULE NUMBER] protocol tcp

Firewall rule to allow established connections back out:

  • set firewall name [FW NAME] rule [RULE NUMBER] action accept
  • set firewall name [FW NAME] rule [RULE NUMBER] state established enable
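
As an added worked example (not from this journal), here is a complete two-zone policy in VyOS 1.3 zone-policy syntax that ties the steps above together: zones bound to interfaces, one default-drop ruleset per direction with logging, a return-traffic rule, one narrow inbound allow, and the zone bindings. The zone names WAN and LAN, the interfaces eth0 and eth1, the ruleset names WAN-LAN and LAN-WAN, and the server address 10.0.5.10 are assumed lab values, not taken from the page; the router's own local-zone is left out.

```vyos
# Added example, VyOS 1.3 zone-policy syntax. All names and addresses are assumed lab values.
configure

# Zones: one per interface group
set zone-policy zone WAN interface eth0
set zone-policy zone LAN interface eth1

# One ruleset per direction, default drop, default drops logged
set firewall name WAN-LAN default-action drop
set firewall name WAN-LAN enable-default-log
set firewall name LAN-WAN default-action drop
set firewall name LAN-WAN enable-default-log

# WAN -> LAN: only return traffic for sessions the LAN opened ...
set firewall name WAN-LAN rule 10 action accept
set firewall name WAN-LAN rule 10 description "Allow established/related back in"
set firewall name WAN-LAN rule 10 state established enable
set firewall name WAN-LAN rule 10 state related enable

# ... plus one explicit service: TCP/443 to a single assumed web server
set firewall name WAN-LAN rule 20 action accept
set firewall name WAN-LAN rule 20 description "HTTPS to web server"
set firewall name WAN-LAN rule 20 destination address 10.0.5.10
set firewall name WAN-LAN rule 20 destination port 443
set firewall name WAN-LAN rule 20 protocol tcp

# LAN -> WAN: LAN hosts may open new sessions outbound
set firewall name LAN-WAN rule 10 action accept
set firewall name LAN-WAN rule 10 description "LAN outbound"
set firewall name LAN-WAN rule 10 state new enable
set firewall name LAN-WAN rule 10 state established enable
set firewall name LAN-WAN rule 10 state related enable

# Bind rulesets: "zone X from Y" filters traffic entering X from Y
set zone-policy zone LAN from WAN firewall name WAN-LAN
set zone-policy zone WAN from LAN firewall name LAN-WAN

commit
save
exit
```

Rules are evaluated in ascending number order and default-action applies only when nothing matched, so put the established/related rule first and keep service-specific allows narrow (one address, one port, one protocol). With enable-default-log set, every packet that falls through to the default drop is written to /var/log/messages, so the same tail and grep used above (grepping for the ruleset name or interface) shows exactly which direction blocked a flow.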

Debugging Firewall Blocks

Use tail -f /var/log/messages to see logs and troubleshoot from the information they provide

Exporting vyos configurations

  1. Generate the text file containing the configuration (grep needs -E so the | separators are read as alternation instead of literal characters): show configuration commands | grep -Ev "syslog global|ntp|login|console|config|hw-id|loopback|conntrack" > fw-mgmt-week4.txt
  2. SCP this file to a machine with Git installed: scp fw-mgmt-week4.txt [email protected]:/home/nicolas
  3. Move the file into the GitHub repository folder: mv fw-mgmt-week4.txt Tech-Journal/SEC-350/fw-mgmt-week4.txt
  4. Git add: git add fw-mgmt-week4.txt
  5. Git commit (the message must be quoted so it is passed as a single argument): git commit -m "Week 4 firewall configs"
  6. Git push: git push