Previously we started working with jinja to template some of our networks. Now we can apply similar bits to creating firewall rules. Lets start by defining what rules we had when we manually entered them in Part 2.

Global-options

set firewall global-options state-policy established action 'accept'
set firewall global-options state-policy invalid action 'drop'
set firewall global-options state-policy related action 'accept'

Network-groups

These are here to define our OUTSIDE HOME/LAN network and INSIDE or DEV/UNTRUSTED network.

In part 3 we did our first bit of automation using Ansible to set up the base config for VyOS, In this part we will go over defining our networks and everything needed for a functioning network.

Step 1 - New roles

Lets add a role to define our network and a playbook to run to create them, we will also need a new group_vars we will use lab as in the last part we created a group called vyos and lab and put our firewall under lab and the lab group as a child of vyos. Your directory should now look like the example below with these additions.

In Part 1 - Setting up SDN we went over setting up Proxmox SDN to create a network inside a network with VXLAN. In this post we will go over the initial set up for VyOS including setting up:

• Interfaces
• SSH
• Static routes
• DNS
• DHCP servers
• DNS forwarding
• SNAT
• Firewall rules

At the moment, our VyOS firewall is unconfigured, can’t connect to the Internet, and our VMs on this vxlan network cannot either.

Previously we started working with jinja to template some of our networks. Now we can apply similar bits to creating firewall rules. Lets start by defining what rules we had when we manually entered them in Part 2.

Global-options

set firewall global-options state-policy established action 'accept'
set firewall global-options state-policy invalid action 'drop'
set firewall global-options state-policy related action 'accept'

Network-groups

These are here to define our OUTSIDE HOME/LAN network and INSIDE or DEV/UNTRUSTED network.

I have never heard of Aukey before purchasing these. I was looking for a cheap and cheerful pair of Bluetooth earphones to use at night while charging my phone, as I have a Pixel 2XL with no 3.5mm jack. Here lies the big flaw in taking it away-you can either charge your phone, or use the USB-C to 3.5mm adapter and use your headphones but not both. I also wanted a pair to go the gym with, and not to get tangled in a web of headphone cables.

Let me tell you a story, it started around September 2018 ,before I begin a bit of background information.

I have been a Windows user since I built my first computer at 9. Back then it was Windows 95, since then I have used all versions of Windows following 95, apart from 8 & 8.1 ( they don’t really count ) so 98, ME , XP ( RIP ) , Vista , Windows 7 , Windows 10.

Hi 🤗

This is the blog to compliment my channel, or my channel to compliment blog, not quite decided the direction this is going yet.

There is going to be a small delay in the videos ,but it is coming, I can’t get the quality i would like to post so to start i will have a few blog posts and play catch up with the videos.

Anyway this is my introduction to the channel, if you want the TLDR then here it is:

Previously we started working with jinja to template some of our networks. Now we can apply similar bits to creating firewall rules. Lets start by defining what rules we had when we manually entered them in Part 2.

Global-options

set firewall global-options state-policy established action 'accept'
set firewall global-options state-policy invalid action 'drop'
set firewall global-options state-policy related action 'accept'

Network-groups

These are here to define our OUTSIDE HOME/LAN network and INSIDE or DEV/UNTRUSTED network.

In part 3 we did our first bit of automation using Ansible to set up the base config for VyOS, In this part we will go over defining our networks and everything needed for a functioning network.

Step 1 - New roles

Lets add a role to define our network and a playbook to run to create them, we will also need a new group_vars we will use lab as in the last part we created a group called vyos and lab and put our firewall under lab and the lab group as a child of vyos. Your directory should now look like the example below with these additions.

In Part 2 we went over initial configuration of VyOS including setting up:

• Interfaces
• SSH
• Static routes
• DNS
• DHCP servers
• DNS forwarding
• SNAT
• Firewall rules

Now we want I want to do this in a more automated fashion, my goto is Ansible for something like this configuration management.

VyOS documentation on Automation with Ansible is a bit sparse, I may put a PR in to add some of these examples.

There are some good modules in the vyos.vyos Ansible collection which I may migrate a lot of this to use If they work well enough, but for now we will focus on the vyos_config and using a jinja file for templating.

In Part 1 - Setting up SDN we went over setting up Proxmox SDN to create a network inside a network with VXLAN. In this post we will go over the initial set up for VyOS including setting up:

• Interfaces
• SSH
• Static routes
• DNS
• DHCP servers
• DNS forwarding
• SNAT
• Firewall rules

At the moment, our VyOS firewall is unconfigured, can’t connect to the Internet, and our VMs on this vxlan network cannot either.

This is going to be a multi-part series around my homelab, specifically around Vyos the Open-source Networking OS and Firewall.

• Part 2 - Configuring Vyos
• Part 3 - Configuring Vyos with Ansible
• Part 4 - Configuring Vyos with Jinja Templates + Ansible
• Part 5 - Configuring Vyos Firewall with Jinja + Ansible

First of all, Why would I want a network inside a network? Well, Isolation from my main network is the main one, secondly, it has been fun to learn about.

Previously we started working with jinja to template some of our networks. Now we can apply similar bits to creating firewall rules. Lets start by defining what rules we had when we manually entered them in Part 2.

Global-options

set firewall global-options state-policy established action 'accept'
set firewall global-options state-policy invalid action 'drop'
set firewall global-options state-policy related action 'accept'

Network-groups

These are here to define our OUTSIDE HOME/LAN network and INSIDE or DEV/UNTRUSTED network.

In part 3 we did our first bit of automation using Ansible to set up the base config for VyOS, In this part we will go over defining our networks and everything needed for a functioning network.

Step 1 - New roles

Lets add a role to define our network and a playbook to run to create them, we will also need a new group_vars we will use lab as in the last part we created a group called vyos and lab and put our firewall under lab and the lab group as a child of vyos. Your directory should now look like the example below with these additions.

Previously we started working with jinja to template some of our networks. Now we can apply similar bits to creating firewall rules. Lets start by defining what rules we had when we manually entered them in Part 2.

Global-options

set firewall global-options state-policy established action 'accept'
set firewall global-options state-policy invalid action 'drop'
set firewall global-options state-policy related action 'accept'

Network-groups

These are here to define our OUTSIDE HOME/LAN network and INSIDE or DEV/UNTRUSTED network.

In part 3 we did our first bit of automation using Ansible to set up the base config for VyOS, In this part we will go over defining our networks and everything needed for a functioning network.

Step 1 - New roles

Lets add a role to define our network and a playbook to run to create them, we will also need a new group_vars we will use lab as in the last part we created a group called vyos and lab and put our firewall under lab and the lab group as a child of vyos. Your directory should now look like the example below with these additions.

In Part 2 we went over initial configuration of VyOS including setting up:

• Interfaces
• SSH
• Static routes
• DNS
• DHCP servers
• DNS forwarding
• SNAT
• Firewall rules

Now we want I want to do this in a more automated fashion, my goto is Ansible for something like this configuration management.

VyOS documentation on Automation with Ansible is a bit sparse, I may put a PR in to add some of these examples.

There are some good modules in the vyos.vyos Ansible collection which I may migrate a lot of this to use If they work well enough, but for now we will focus on the vyos_config and using a jinja file for templating.

In Part 1 - Setting up SDN we went over setting up Proxmox SDN to create a network inside a network with VXLAN. In this post we will go over the initial set up for VyOS including setting up:

• Interfaces
• SSH
• Static routes
• DNS
• DHCP servers
• DNS forwarding
• SNAT
• Firewall rules

At the moment, our VyOS firewall is unconfigured, can’t connect to the Internet, and our VMs on this vxlan network cannot either.

This is going to be a multi-part series around my homelab, specifically around Vyos the Open-source Networking OS and Firewall.

• Part 2 - Configuring Vyos
• Part 3 - Configuring Vyos with Ansible
• Part 4 - Configuring Vyos with Jinja Templates + Ansible
• Part 5 - Configuring Vyos Firewall with Jinja + Ansible

First of all, Why would I want a network inside a network? Well, Isolation from my main network is the main one, secondly, it has been fun to learn about.

Previously we started working with jinja to template some of our networks. Now we can apply similar bits to creating firewall rules. Lets start by defining what rules we had when we manually entered them in Part 2.

Global-options

set firewall global-options state-policy established action 'accept'
set firewall global-options state-policy invalid action 'drop'
set firewall global-options state-policy related action 'accept'

Network-groups

These are here to define our OUTSIDE HOME/LAN network and INSIDE or DEV/UNTRUSTED network.

In part 3 we did our first bit of automation using Ansible to set up the base config for VyOS, In this part we will go over defining our networks and everything needed for a functioning network.

Step 1 - New roles

Lets add a role to define our network and a playbook to run to create them, we will also need a new group_vars we will use lab as in the last part we created a group called vyos and lab and put our firewall under lab and the lab group as a child of vyos. Your directory should now look like the example below with these additions.

In Part 2 we went over initial configuration of VyOS including setting up:

• Interfaces
• SSH
• Static routes
• DNS
• DHCP servers
• DNS forwarding
• SNAT
• Firewall rules

Now we want I want to do this in a more automated fashion, my goto is Ansible for something like this configuration management.

VyOS documentation on Automation with Ansible is a bit sparse, I may put a PR in to add some of these examples.

There are some good modules in the vyos.vyos Ansible collection which I may migrate a lot of this to use If they work well enough, but for now we will focus on the vyos_config and using a jinja file for templating.

In Part 1 - Setting up SDN we went over setting up Proxmox SDN to create a network inside a network with VXLAN. In this post we will go over the initial set up for VyOS including setting up:

• Interfaces
• SSH
• Static routes
• DNS
• DHCP servers
• DNS forwarding
• SNAT
• Firewall rules

At the moment, our VyOS firewall is unconfigured, can’t connect to the Internet, and our VMs on this vxlan network cannot either.

This is going to be a multi-part series around my homelab, specifically around Vyos the Open-source Networking OS and Firewall.

• Part 2 - Configuring Vyos
• Part 3 - Configuring Vyos with Ansible
• Part 4 - Configuring Vyos with Jinja Templates + Ansible
• Part 5 - Configuring Vyos Firewall with Jinja + Ansible

First of all, Why would I want a network inside a network? Well, Isolation from my main network is the main one, secondly, it has been fun to learn about.

In part 3 we did our first bit of automation using Ansible to set up the base config for VyOS, In this part we will go over defining our networks and everything needed for a functioning network.

Step 1 - New roles

Lets add a role to define our network and a playbook to run to create them, we will also need a new group_vars we will use lab as in the last part we created a group called vyos and lab and put our firewall under lab and the lab group as a child of vyos. Your directory should now look like the example below with these additions.

In Part 2 we went over initial configuration of VyOS including setting up:

• Interfaces
• SSH
• Static routes
• DNS
• DHCP servers
• DNS forwarding
• SNAT
• Firewall rules

Now we want I want to do this in a more automated fashion, my goto is Ansible for something like this configuration management.

VyOS documentation on Automation with Ansible is a bit sparse, I may put a PR in to add some of these examples.

There are some good modules in the vyos.vyos Ansible collection which I may migrate a lot of this to use If they work well enough, but for now we will focus on the vyos_config and using a jinja file for templating.

In Part 1 - Setting up SDN we went over setting up Proxmox SDN to create a network inside a network with VXLAN. In this post we will go over the initial set up for VyOS including setting up:

• Interfaces
• SSH
• Static routes
• DNS
• DHCP servers
• DNS forwarding
• SNAT
• Firewall rules

At the moment, our VyOS firewall is unconfigured, can’t connect to the Internet, and our VMs on this vxlan network cannot either.

This is going to be a multi-part series around my homelab, specifically around Vyos the Open-source Networking OS and Firewall.

• Part 2 - Configuring Vyos
• Part 3 - Configuring Vyos with Ansible
• Part 4 - Configuring Vyos with Jinja Templates + Ansible
• Part 5 - Configuring Vyos Firewall with Jinja + Ansible

First of all, Why would I want a network inside a network? Well, Isolation from my main network is the main one, secondly, it has been fun to learn about.

In part 3 we did our first bit of automation using Ansible to set up the base config for VyOS, In this part we will go over defining our networks and everything needed for a functioning network.

Step 1 - New roles

Lets add a role to define our network and a playbook to run to create them, we will also need a new group_vars we will use lab as in the last part we created a group called vyos and lab and put our firewall under lab and the lab group as a child of vyos. Your directory should now look like the example below with these additions.

In Part 2 we went over initial configuration of VyOS including setting up:

• Interfaces
• SSH
• Static routes
• DNS
• DHCP servers
• DNS forwarding
• SNAT
• Firewall rules

Now we want I want to do this in a more automated fashion, my goto is Ansible for something like this configuration management.

VyOS documentation on Automation with Ansible is a bit sparse, I may put a PR in to add some of these examples.

There are some good modules in the vyos.vyos Ansible collection which I may migrate a lot of this to use If they work well enough, but for now we will focus on the vyos_config and using a jinja file for templating.

In Part 1 - Setting up SDN we went over setting up Proxmox SDN to create a network inside a network with VXLAN. In this post we will go over the initial set up for VyOS including setting up:

• Interfaces
• SSH
• Static routes
• DNS
• DHCP servers
• DNS forwarding
• SNAT
• Firewall rules

At the moment, our VyOS firewall is unconfigured, can’t connect to the Internet, and our VMs on this vxlan network cannot either.

This is going to be a multi-part series around my homelab, specifically around Vyos the Open-source Networking OS and Firewall.

• Part 2 - Configuring Vyos
• Part 3 - Configuring Vyos with Ansible
• Part 4 - Configuring Vyos with Jinja Templates + Ansible
• Part 5 - Configuring Vyos Firewall with Jinja + Ansible

First of all, Why would I want a network inside a network? Well, Isolation from my main network is the main one, secondly, it has been fun to learn about.

I have never heard of Aukey before purchasing these. I was looking for a cheap and cheerful pair of Bluetooth earphones to use at night while charging my phone, as I have a Pixel 2XL with no 3.5mm jack. Here lies the big flaw in taking it away-you can either charge your phone, or use the USB-C to 3.5mm adapter and use your headphones but not both. I also wanted a pair to go the gym with, and not to get tangled in a web of headphone cables.

Let me tell you a story, it started around September 2018 ,before I begin a bit of background information.

I have been a Windows user since I built my first computer at 9. Back then it was Windows 95, since then I have used all versions of Windows following 95, apart from 8 & 8.1 ( they don’t really count ) so 98, ME , XP ( RIP ) , Vista , Windows 7 , Windows 10.

Let me tell you a story, it started around September 2018 ,before I begin a bit of background information.

I have been a Windows user since I built my first computer at 9. Back then it was Windows 95, since then I have used all versions of Windows following 95, apart from 8 & 8.1 ( they don’t really count ) so 98, ME , XP ( RIP ) , Vista , Windows 7 , Windows 10.