I would like to take up this topic once again…
After some testing on my network and some internet research I was able to solve the problem without compromising the security of my NAS.
But from the beginning: Beyond the problem, described at the beginning of this thread (Diagnostic does not work), logging into the Vaultwarden Web Vault with the Yubikey as second factor also stopped working with the firewall configuration below:
Rule 1 => ALL-ALL => xxx.xxx.xxx.xxx (my fixed IP) => Allow.
Rule 2 => ALL-ALL => 192.168.1.1/255.255.255.0 (my network) => Allow
Rule 3 => ALL-ALL => Germany => Allow
Rule 4 => ALL-ALL-ALL => Deny
If rule 4 was disabled everything worked fine. The two problems described above were also eliminated.
However, my internet research revealed that Rule 4 is apparently mandatory to ensure the security of the NAS.
The solution to the problem is to modify rule 4. Unchanged, all services are selected; however, then the HTTPS port 443 and the HTTP port 80 are disabled within this selection list and then looks like this:
Rule 4 => ALL-ALL-(ALL except 443 and 80) => Deny
Then save and that was it.
Maybe it helps one or the other who has the same problem.
kind regards
chuby