set firewall ipv4 name client_to_dmz rule 1 action 'accept'
set firewall ipv4 name client_to_self rule 1 action 'return'
set firewall ipv4 name dmz_to_client rule 1 action 'accept'
set firewall ipv4 name dmz_to_self rule 1 action 'return'
set firewall ipv4 name self_to_client rule 1 action 'return'
set firewall ipv4 name self_to_dmz rule 1 action 'return'

set firewall zone client from dmz firewall name 'dmz_to_client'
set firewall zone client from self firewall name 'self_to_client'
set firewall zone client interface 'eth1'


set firewall zone dmz from client firewall name 'client_to_dmz'
set firewall zone dmz from self firewall name 'self_to_dmz'
set firewall zone dmz interface 'eth0'

set firewall zone self from client firewall name 'client_to_self'
set firewall zone self from dmz firewall name 'dmz_to_self'
set firewall zone self local-zone

set interfaces ethernet eth0 address '10.0.1.1/24'
set interfaces ethernet eth0 duplex 'auto'
set interfaces ethernet eth0 speed 'auto'
set interfaces ethernet eth1 address '10.0.2.1/24'
set interfaces ethernet eth1 duplex 'auto'
set interfaces ethernet eth1 speed 'auto'

set service config-sync mode 'load'
set service config-sync secondary address '10.0.1.2'
set service config-sync secondary key 'NOT_SECRET_KEY'
set service config-sync secondary port '443'
set service config-sync secondary timeout '3600'
set service config-sync section firewall
set system host-name 'primary-fw'

# vyos/vyos
set system login user vyos authentication encrypted-password '$6$rounds=656000$F7k6yz2G0VDK9vB/$bbhgmGZvgvkreY439xzcigY.ec4iwp9ZV4MISzhEbab.GJ0723n0DUhKmTggKgeRp9.mQU7Ck3uTtPCH0tuxA0'