Firewall with VRF Isolation

Firewall rules for controlling traffic between VRF instances in multi-tenant deployments.

Scenario

  • Multi-Tenant: isolation of customers via VRF, each in its own routing table
  • Selective Access: controlled access to shared services (here, DNS in the SHARED VRF)
  • Security: a firewall ruleset between VRFs that drops everything not explicitly allowed

Configuration

# VRF Creation
set vrf name CUSTOMER-A table '100'
set vrf name CUSTOMER-B table '200'
set vrf name SHARED table '999'

# Firewall for inter-VRF traffic: default drop, allow only UDP/53 to the shared DNS server
set firewall ipv4-name VRF-ISOLATION default-action 'drop'
set firewall ipv4-name VRF-ISOLATION rule 10 action 'accept'
set firewall ipv4-name VRF-ISOLATION rule 10 destination address '10.255.0.53'
set firewall ipv4-name VRF-ISOLATION rule 10 destination port '53'
set firewall ipv4-name VRF-ISOLATION rule 10 protocol 'udp'
set firewall ipv4-name VRF-ISOLATION rule 10 description 'Allow DNS to shared'

# Apply to VRF
# Caveat: 'ip protocol all export' is not a documented VyOS way of attaching a
# firewall ruleset. A named ruleset only filters traffic once it is bound to an
# interface (VyOS 1.3: set interfaces ethernet ethX firewall in name VRF-ISOLATION),
# to a zone policy, or to the forward filter chain in 1.4+. After commit, confirm
# with 'show firewall' that the ruleset is applied and that its counters increment.
# Also note that packets cannot cross VRF tables at all until routes to the SHARED
# prefix are leaked into CUSTOMER-A/B; the ruleset only matters for leaked routes.
set vrf name CUSTOMER-A ip protocol all export 'VRF-ISOLATION'
set vrf name CUSTOMER-B ip protocol all export 'VRF-ISOLATION'
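To check that a ruleset like the one above really enforces tenant isolation before it is committed, here is an added example (not part of the original page and not VyOS code) that parses `set firewall ipv4-name ...` lines and flags a non-drop default action, accept rules whose destination lies outside the shared-services prefix, negated destinations, and port matches without a protocol. The 10.255.0.0/24 shared prefix, the 10.200.0.0/16 customer prefix and the second "bad" sample config are constructed assumptions for the demonstration.

```python
"""Audit a VyOS-style inter-VRF firewall ruleset for tenant isolation."""
import ipaddress
import shlex
from collections import defaultdict

# Assumption: shared services live in this prefix. The page only shows the
# 10.255.0.53 DNS host; the /24 is a constructed value for this example.
SHARED_PREFIX = ipaddress.ip_network("10.255.0.0/24")

# Constructed sample: the ruleset from the page.
GOOD_CONFIG = """
set firewall ipv4-name VRF-ISOLATION default-action 'drop'
set firewall ipv4-name VRF-ISOLATION rule 10 action 'accept'
set firewall ipv4-name VRF-ISOLATION rule 10 destination address '10.255.0.53'
set firewall ipv4-name VRF-ISOLATION rule 10 destination port '53'
set firewall ipv4-name VRF-ISOLATION rule 10 protocol 'udp'
set firewall ipv4-name VRF-ISOLATION rule 10 description 'Allow DNS to shared'
"""

# Constructed sample: a weakened ruleset. 10.200.0.0/16 is an assumed
# customer prefix, so rule 20 would open a tenant-to-tenant path.
BAD_CONFIG = """
set firewall ipv4-name VRF-ISOLATION default-action 'accept'
set firewall ipv4-name VRF-ISOLATION rule 10 action 'accept'
set firewall ipv4-name VRF-ISOLATION rule 10 destination address '10.255.0.53'
set firewall ipv4-name VRF-ISOLATION rule 10 destination port '53'
set firewall ipv4-name VRF-ISOLATION rule 10 protocol 'udp'
set firewall ipv4-name VRF-ISOLATION rule 20 action 'accept'
set firewall ipv4-name VRF-ISOLATION rule 20 destination address '10.200.0.0/16'
set firewall ipv4-name VRF-ISOLATION rule 20 description 'Oops: customer B reachable'
"""


def parse_rulesets(config_text):
    """Parse 'set firewall ipv4-name <name> ...' lines into
    {name: {"default-action": str|None, "rules": {num: {key: value}}}}.
    Other 'set' lines (vrf, interfaces, ...) are ignored."""
    rulesets = defaultdict(lambda: {"default-action": None, "rules": defaultdict(dict)})
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)  # strips the single quotes around values
        if tokens[:3] != ["set", "firewall", "ipv4-name"] or len(tokens) < 5:
            continue
        name, rest = tokens[3], tokens[4:]
        if rest[0] == "default-action" and len(rest) == 2:
            rulesets[name]["default-action"] = rest[1]
        elif rest[0] == "rule" and len(rest) >= 4:
            num = int(rest[1])
            key = " ".join(rest[2:-1])  # e.g. "destination address"
            rulesets[name]["rules"][num][key] = rest[-1]
    return rulesets


def audit_isolation(rulesets, name, shared_prefix=SHARED_PREFIX):
    """Return a list of findings. An empty list means the ruleset drops by
    default and only accepts traffic whose destination is inside shared_prefix."""
    rs = rulesets.get(name)
    if rs is None:
        return [f"ruleset {name} not defined"]
    findings = []
    if rs["default-action"] not in ("drop", "reject"):
        findings.append(f"{name}: default-action is {rs['default-action']!r}, expected drop")
    for num, rule in sorted(rs["rules"].items()):
        if rule.get("action") != "accept":
            continue
        dst = rule.get("destination address")
        if dst is None:
            findings.append(f"{name} rule {num}: accept with no destination address")
            continue
        if dst.startswith("!"):
            findings.append(f"{name} rule {num}: negated destination {dst} accepts everything else")
            continue
        net = ipaddress.ip_network(dst, strict=False)
        if net.version != shared_prefix.version or not net.subnet_of(shared_prefix):
            findings.append(f"{name} rule {num}: accepts traffic to {dst}, outside {shared_prefix}")
        # VyOS rejects a port match without tcp/udp; catch it before commit.
        if "destination port" in rule and "protocol" not in rule:
            findings.append(f"{name} rule {num}: destination port without protocol")
    return findings


if __name__ == "__main__":
    for label, cfg in (("good", GOOD_CONFIG), ("bad", BAD_CONFIG)):
        print(label, audit_isolation(parse_rulesets(cfg), "VRF-ISOLATION") or "OK")
```

Run it against the intended config before `commit`; any finding means a customer VRF could reach something other than the shared services through this ruleset, or that the commit itself would fail.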

References