firewall {
    bridge {
        forward {
            filter {
                rule 1 {
                    action "accept"
                    vlan
                }
            }
        }
    }
    ipv4 {
        forward {
            filter {
                rule 1 {
                    action "accept"
                    add-address-to-group
                }
                rule 2 {
                    action "accept"
                    connection-status
                }
                rule 3 {
                    action "accept"
                    destination
                }
                rule 5 {
                    action "accept"
                    fragment
                }
                rule 6 {
                    action "accept"
                    icmp
                }
                rule 7 {
                    action "accept"
                    inbound-interface
                }
                rule 8 {
                    action "accept"
                    ipsec
                }
                rule 9 {
                    action "accept"
                    limit
                }
                rule 10 {
                    action "accept"
                    log
                    log-options
                }
                rule 11 {
                    action "accept"
                    outbound-interface
                }
                rule 13 {
                    action "accept"
                    source
                }
                rule 14 {
                    action "accept"
                    tcp
                }
                rule 15 {
                    action "accept"
                    time
                }
                rule 16 {
                    action "accept"
                    ttl
                }
                rule 17 {
                    action "accept"
                    destination {
                        group
                    }
                }
                rule 18 {
                    action "accept"
                    destination {
                        geoip
                    }
                }
                rule 19 {
                    action "accept"
                    source {
                        group
                    }
                }
                rule 20 {
                    action "accept"
                    source {
                        geoip
                    }
                }
                rule 21 {
                    action "accept"
                    tcp {
                        flags
                    }
                }
            }
        }
    }
    ipv6 {
        forward {
            filter {
                rule 1 {
                    action "accept"
                    hop-limit
                }
                rule 2 {
                    action "accept"
                    icmpv6
                }
            }
        }
    }
}
interfaces {
    ethernet eth0 {
    }
    ethernet eth1 {
    }
    ethernet eth2 {
    }
    loopback lo {
    }
}
system {
    console {
        device ttyS0 {
            speed "115200"
        }
    }
    host-name "vyos"
    login {
        user vyos {
            authentication {
                encrypted-password "$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0"
                plaintext-password ""
            }
        }
    }
}

// Warning: Do not remove the following line.
// vyos-config-version: "bgp@6:broadcast-relay@1:cluster@2:config-management@1:conntrack@6:conntrack-sync@2:container@2:dhcp-relay@2:dhcp-server@8:dhcpv6-server@1:dns-dynamic@4:dns-forwarding@4:firewall@15:flow-accounting@1:https@6:ids@1:interfaces@32:ipoe-server@3:ipsec@13:isis@3:l2tp@9:lldp@2:mdns@1:monitoring@1:nat@8:nat66@3:ntp@3:openconnect@3:ospf@2:pim@1:policy@8:pppoe-server@10:pptp@5:qos@2:quagga@11:reverse-proxy@1:rip@1:rpki@2:salt@1:snmp@3:ssh@2:sstp@6:system@27:vrf@3:vrrp@4:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2"
// Release version: 1.4.3
