firewall/examples/infra.yaml

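---
# Example ruleset: named zones, a blacklist, reverse-path filtering,
# input/output/forward filter chains and source-NAT rules.
# NOTE(review): the nesting below was restored from a listing that had lost
# its indentation; check it against the generator's schema before reuse.

# Zones give names to address sets so that rules can refer to them.
zones:
  # Defined in a separate file rather than inline.
  users-internet-allowed:
    file: examples/infra_included.yaml
  mgmt:
    addrs: 10.203.0.0/16
  adm:
    # Quoted so the colons of the IPv6 prefix cannot be read as mapping
    # indicators inside the flow sequence.
    addrs: ['2a09:6840::/29', '10.128.0.0/16']
  # Presumably "every address outside adm and mgmt" - confirm how the
  # generator applies `negate`. If so, any range that is not part of those
  # two zones is treated as internet.
  internet:
    negate: true
    zones: [adm, mgmt]
  interco-crans:
    addrs: 10.0.0.1/32

# NOTE(review): `adm` is blacklisted here and is also an accepted source in
# the input chain below; confirm which of the two takes precedence.
blacklist:
  blocked: adm

# Presumably an anti-spoofing check; only back0 is listed, so verify whether
# other interfaces need it too.
reverse_path_filter:
  interfaces: back0

filter:
  # NOTE(review): no default verdict is visible for these chains; confirm
  # that traffic matching no rule is dropped by the generator.
  input:
    # Loopback traffic.
    - iif: lo
      verdict: accept
    # Routing and redundancy protocols, from the adm zone only.
    - src: adm
      protocols:
        icmp: true
        ospf: true
        vrrp: true
      verdict: accept
    # TCP/179 (BGP) from adm and one extra peer address.
    - src: [adm, 10.10.10.10]
      protocols:
        tcp:
          dport: 179
      verdict: accept
    # TCP/22 and 240..242 from the management zone only.
    - src: mgmt
      protocols:
        tcp:
          dport: [22, 240..242]
      verdict: accept
    # No `src`, so this presumably accepts ICMP from any source; if so, the
    # icmp entry in the adm rule above adds nothing.
    - protocols:
        icmp: true
      verdict: accept
  # Everything in the output chain is accepted: no egress restriction.
  output:
    - verdict: accept
  forward:
    - src: interco-crans
      verdict: accept
    # TCP/25 (SMTP) from user networks is dropped. This rule has to stay
    # above the accept below, assuming rules are evaluated in order.
    - src: users-internet-allowed
      protocols:
        tcp:
          dport: [25]
      verdict: drop
    - src: users-internet-allowed
      dst: [10.0.0.1, internet]
      verdict: accept

# Source NAT for 100.64.0.0/26 towards the internet zone.
# NOTE(review): both rules have the same src/dst match, so presumably only
# one of them can take effect; they look like two alternative forms (an
# address pool versus a single address with a port range).
nat:
  - src: 100.64.0.0/26
    dst: internet
    snat:
      addr: 45.66.108.0/28
  - src: 100.64.0.0/26
    dst: internet
    snat:
      addr: 45.66.108.1
      port: 1000..5000
...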