firewall/example.yaml

---
zones:
  users-internet-allowed:
    files: [example.yaml]

  mgmt:
    addrs: [10.203.0.0/16]

  adm:
    addrs: [2a09:6840::/29, 10.128.0.0/16]

  internet:
    negate: true
    zones: [adm, mgmt]

# interne: negate KO

blacklist:
  enabled: true
  addr: [0.0.0.0]

reverse_path_filter:
  enabled: true

filter:
  input:
    - iif: lo
      verdict: accept

    - src: mgmt
      protocols:
        tcp:
          dport: [22, 240..242]
      verdict: accept

    - src: backbone
      protocols:
        ospf: true
        vrrp: true
        tcp:
            dport: [179]
      verdict: accept

    - protocols:
        icmp: true
      verdict: accept

  output:
    - verdict: accept

  forward:
    - src: interco-crans
      verdict: accept

    - src: users-internet-allowed
      protocols:
        tcp:
          dport: [25]
      verdict: drop

    - src: users-internet-allowed
      dest:
        addrs: [10.0.0.1]
        zones: [internet]
      verdict: accept

nat:
  - src:
      zones: [mgmt]
    snat:
      addr: 45.66.108.14
      persistent: true
...
Initial DSL 2023-04-16 23:11:54 +02:00			`---`
			`zones:`
feat(zones): Early zone management 2023-08-13 18:40:29 +02:00			`users-internet-allowed:`
			`files: [example.yaml]`
feat(pydantic): Add ZoneEntries 2023-06-17 00:19:19 +02:00
feat(zones): Early zone management 2023-08-13 18:40:29 +02:00			`mgmt:`
			`addrs: [10.203.0.0/16]`
feat(pydantic): Add ZoneEntries 2023-06-17 00:19:19 +02:00
feat(zones): Early zone management 2023-08-13 18:40:29 +02:00			`adm:`
			`addrs: [2a09:6840::/29, 10.128.0.0/16]`
feat(pydantic): Add ZoneEntries 2023-06-17 00:19:19 +02:00
feat(zones): Early zone management 2023-08-13 18:40:29 +02:00			`internet:`
			`negate: true`
			`zones: [adm, mgmt]`

			`# interne: negate KO`
Initial DSL 2023-04-16 23:11:54 +02:00
			`blacklist:`
			`enabled: true`
feat(pydantic): Add ZoneEntries 2023-06-17 00:19:19 +02:00			`addr: [0.0.0.0]`
Initial DSL 2023-04-16 23:11:54 +02:00
			`reverse_path_filter:`
			`enabled: true`

			`filter:`
			`input:`
			`- iif: lo`
			`verdict: accept`
feat(pydantic): Add ZoneEntries 2023-06-17 00:19:19 +02:00
Initial DSL 2023-04-16 23:11:54 +02:00			`- src: mgmt`
			`protocols:`
			`tcp:`
feat(pydantic): Add Port and PortRange 2023-06-16 23:26:07 +02:00			`dport: [22, 240..242]`
Initial DSL 2023-04-16 23:11:54 +02:00			`verdict: accept`
feat(pydantic): Add ZoneEntries 2023-06-17 00:19:19 +02:00
Initial DSL 2023-04-16 23:11:54 +02:00			`- src: backbone`
			`protocols:`
			`ospf: true`
			`vrrp: true`
			`tcp:`
feat(pydantic): Add Port and PortRange 2023-06-16 23:26:07 +02:00			`dport: [179]`
Initial DSL 2023-04-16 23:11:54 +02:00			`verdict: accept`
feat(pydantic): Add ZoneEntries 2023-06-17 00:19:19 +02:00
Initial DSL 2023-04-16 23:11:54 +02:00			`- protocols:`
			`icmp: true`
			`verdict: accept`
feat(pydantic): Add ZoneEntries 2023-06-17 00:19:19 +02:00
Initial DSL 2023-04-16 23:11:54 +02:00			`output:`
			`- verdict: accept`
feat(pydantic): Add ZoneEntries 2023-06-17 00:19:19 +02:00
Initial DSL 2023-04-16 23:11:54 +02:00			`forward:`
			`- src: interco-crans`
			`verdict: accept`
feat(pydantic): Add ZoneEntries 2023-06-17 00:19:19 +02:00
Initial DSL 2023-04-16 23:11:54 +02:00			`- src: users-internet-allowed`
feat: Multiple improvements (Restrictive fields, range port, exactly one inclusion/exclusion in zones) 2023-06-16 19:18:33 +02:00			`protocols:`
			`tcp:`
feat(pydantic): Add Port and PortRange 2023-06-16 23:26:07 +02:00			`dport: [25]`
Initial DSL 2023-04-16 23:11:54 +02:00			`verdict: drop`
feat(pydantic): Add ZoneEntries 2023-06-17 00:19:19 +02:00
Initial DSL 2023-04-16 23:11:54 +02:00			`- src: users-internet-allowed`
			`dest:`
feat(pydantic): Add ZoneEntries 2023-06-17 00:19:19 +02:00			`addrs: [10.0.0.1]`
			`zones: [internet]`
Initial DSL 2023-04-16 23:11:54 +02:00			`verdict: accept`

			`nat:`
feat(pydantic): Add ZoneEntries 2023-06-17 00:19:19 +02:00			`- src:`
			`zones: [mgmt]`
Initial DSL 2023-04-16 23:11:54 +02:00			`snat:`
			`addr: 45.66.108.14`
			`persistent: true`
			`...`