chore: Add examples
parent
0aeedfedf1
commit
26fec920b8
3 changed files with 81 additions and 73 deletions
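--- a/example.yaml
+++ b/example.yaml
@@ -1,73 +0,0 @@
----
-zones:
-users-internet-allowed:
-files: [example.yaml]
-
-mgmt:
-addrs: [10.203.0.0/16]
-
-adm:
-addrs: [2a09:6840::/29, 10.128.0.0/16]
-
-internet:
-negate: true
-zones: [adm, mgmt]
-
-# interne: negate KO
-
-blacklist:
-enabled: true
-addr: [0.0.0.0]
-
-reverse_path_filter:
-enabled: true
-
-filter:
-input:
-- iif: lo
-verdict: accept
-
-- src: mgmt
-protocols:
-tcp:
-dport: [22, 240..242]
-verdict: accept
-
-- src: backbone
-protocols:
-ospf: true
-vrrp: true
-tcp:
-dport: [179]
-verdict: accept
-
-- protocols:
-icmp: true
-verdict: accept
-
-output:
-- verdict: accept
-
-forward:
-- src: interco-crans
-verdict: accept
-
-- src: users-internet-allowed
-protocols:
-tcp:
-dport: [25]
-verdict: drop
-
-- src: users-internet-allowed
-dest:
-addrs: [10.0.0.1]
-zones: [internet]
-verdict: accept
-
-nat:
-- src:
-zones: [mgmt]
-snat:
-addr: 45.66.108.14
-persistent: true
-...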
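--- a/examples/infra.yaml
+++ b/examples/infra.yaml
@@ -0,0 +1,78 @@
+---
+zones:
+users-internet-allowed:
+file: examples/infra_included.yaml
+
+mgmt:
+addrs: 10.203.0.0/16
+
+adm:
+addrs: [2a09:6840::/29, 10.128.0.0/16]
+
+internet:
+negate: true
+zones: [adm, mgmt]
+
+
+blacklist:
+blocked: adm
+
+
+reverse_path_filter:
+interfaces: back0
+
+
+filter:
+input:
+- src: internet
+dst: gitea
+protocols:
+tcp:
+dport: 22
+verdict: accept
+
+- iif: lo
+verdict: accept
+
+- src: mgmt
+protocols:
+tcp:
+dport: [22, 240..242]
+verdict: accept
+
+#
+# - src: backbone
+# protocols:
+# ospf: true
+# vrrp: true
+# tcp:
+# dport: [179]
+# verdict: accept
+#
+# - protocols:
+# icmp: true
+# verdict: accept
+#
+# output:
+# - verdict: accept
+#
+# forward:
+# - src: interco-crans
+# verdict: accept
+#
+# - src: users-internet-allowed
+# protocols:
+# tcp:
+# dport: [25]
+# verdict: drop
+#
+# - src: users-internet-allowed
+# dest: [10.0.0.1, internet]
+# verdict: accept
+#
+# nat:
+# - src: mgmt
+# snat:
+# addr: 45.66.108.14
+# persistent: true
+...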
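Review bot: The first `input` rule accepts tcp/22 from `internet` to `dst: gitea`, but no `gitea` zone is defined under `zones:` in this file or in `examples/infra_included.yaml`. How the generator resolves an unknown zone name is not visible here; if it does not reject it, the rule may match more than intended, and `internet` is the negation of `[adm, mgmt]`, so it already covers every other source, private ranges included. Define the zone in the example, e.g. `gitea:` with `addrs: 192.0.2.10` (a constructed documentation address), and put a one-line comment above the rule stating that SSH is deliberately exposed to that host only. The example also shows no default verdict for `input`, so a comment saying what happens to unmatched traffic would help anyone who copies it as a starting point.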
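--- a/examples/infra_included.yaml
+++ b/examples/infra_included.yaml
@@ -0,0 +1,3 @@
+---
+- 192.168.1.0/24
+...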