66 lines
1 KiB
Python
66 lines
1 KiB
Python
|
---
|
||
|
|
zones:
|
||
|
|
- name: users-internet-allowed
|
||
|
|
include:
|
||
|
|
- rules.yaml
|
||
|
|
- name: mgmt
|
||
|
|
include:
|
||
|
|
- 10.203.0.0/16
|
||
|
|
- name: adm
|
||
|
|
include:
|
||
|
|
- 2a09:6840::/29
|
||
|
|
- 10.128.0.0/16
|
||
|
|
- name: internet
|
||
|
|
exclude:
|
||
|
|
- adm
|
||
|
|
- mgmt
|
||
|
|
|
||
|
|
blacklist:
|
||
|
|
enabled: true
|
||
|
|
addr:
|
||
|
|
- 0.0.0.0
|
||
|
|
|
||
|
|
reverse_path_filter:
|
||
|
|
enabled: true
|
||
|
|
|
||
|
|
filter:
|
||
|
|
input:
|
||
|
|
- iif: lo
|
||
|
|
verdict: accept
|
||
|
|
- src: mgmt
|
||
|
|
protocols:
|
||
|
|
tcp:
|
||
|
|
dport: "22,240..242"
|
||
|
|
verdict: accept
|
||
|
|
- src: backbone
|
||
|
|
protocols:
|
||
|
|
ospf: true
|
||
|
|
vrrp: true
|
||
|
|
tcp:
|
||
|
|
dport: 179
|
||
|
|
verdict: accept
|
||
|
|
- protocols:
|
||
|
|
icmp: true
|
||
|
|
verdict: accept
|
||
|
|
output:
|
||
|
|
- verdict: accept
|
||
|
|
forward:
|
||
|
|
- src: interco-crans
|
||
|
|
verdict: accept
|
||
|
|
- src: users-internet-allowed
|
||
|
|
tcp:
|
||
|
|
dport: 25
|
||
|
|
verdict: drop
|
||
|
|
- src: users-internet-allowed
|
||
|
|
dest:
|
||
|
|
- internet
|
||
|
|
- 10.0.0.1
|
||
|
|
verdict: accept
|
||
|
|
|
||
|
|
nat:
|
||
|
|
- src: mgmt
|
||
|
|
snat:
|
||
|
|
addr: 45.66.108.14
|
||
|
|
persistent: true
|
||
|
|
...
|