Previously we started working with jinja to template some of our networks. Now we can apply similar bits to creating firewall rules. Lets start by defining what rules we had when we manually entered them in Part 2.

Global-options

set firewall global-options state-policy established action 'accept'
set firewall global-options state-policy invalid action 'drop'
set firewall global-options state-policy related action 'accept'

Network-groups

These are here to define our OUTSIDE HOME/LAN network and INSIDE or DEV/UNTRUSTED network.

In part 3 we did our first bit of automation using Ansible to set up the base config for VyOS, In this part we will go over defining our networks and everything needed for a functioning network.

Step 1 - New roles

Lets add a role to define our network and a playbook to run to create them, we will also need a new group_vars we will use lab as in the last part we created a group called vyos and lab and put our firewall under lab and the lab group as a child of vyos. Your directory should now look like the example below with these additions.