chore: Add examples

v-lafeychine 2023-08-27 22:32:54 +02:00
parent 0aeedfedf1
commit 26fec920b8
Signed by: v-lafeychine
GPG key ID: F46CAAD27C7AB0D5
3 changed files with 81 additions and 73 deletions


@ -1,73 +0,0 @@
---
zones:
users-internet-allowed:
files: [example.yaml]
mgmt:
addrs: [10.203.0.0/16]
adm:
addrs: [2a09:6840::/29, 10.128.0.0/16]
internet:
negate: true
zones: [adm, mgmt]
# interne: negate KO
blacklist:
enabled: true
addr: [0.0.0.0]
reverse_path_filter:
enabled: true
filter:
input:
- iif: lo
verdict: accept
- src: mgmt
protocols:
tcp:
dport: [22, 240..242]
verdict: accept
- src: backbone
protocols:
ospf: true
vrrp: true
tcp:
dport: [179]
verdict: accept
- protocols:
icmp: true
verdict: accept
output:
- verdict: accept
forward:
- src: interco-crans
verdict: accept
- src: users-internet-allowed
protocols:
tcp:
dport: [25]
verdict: drop
- src: users-internet-allowed
dest:
addrs: [10.0.0.1]
zones: [internet]
verdict: accept
nat:
- src:
zones: [mgmt]
snat:
addr: 45.66.108.14
persistent: true
...

78
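--- /dev/null
+++ b/examples/infra.yaml
@@ -0,0 +1,78 @@
+---
+zones:
+users-internet-allowed:
+file: examples/infra_included.yaml
+mgmt:
+addrs: 10.203.0.0/16
+adm:
+addrs: [2a09:6840::/29, 10.128.0.0/16]
+internet:
+negate: true
+zones: [adm, mgmt]
+blacklist:
+blocked: adm
+reverse_path_filter:
+interfaces: back0
+filter:
+input:
+- src: internet
+dst: gitea
+protocols:
+tcp:
+dport: 22
+verdict: accept
+- iif: lo
+verdict: accept
+- src: mgmt
+protocols:
+tcp:
+dport: [22, 240..242]
+verdict: accept
+#
+# - src: backbone
+# protocols:
+# ospf: true
+# vrrp: true
+# tcp:
+# dport: [179]
+# verdict: accept
+#
+# - protocols:
+# icmp: true
+# verdict: accept
+#
+# output:
+# - verdict: accept
+#
+# forward:
+# - src: interco-crans
+# verdict: accept
+#
+# - src: users-internet-allowed
+# protocols:
+# tcp:
+# dport: [25]
+# verdict: drop
+#
+# - src: users-internet-allowed
+# dest: [10.0.0.1, internet]
+# verdict: accept
+#
+# nat:
+# - src: mgmt
+# snat:
+# addr: 45.66.108.14
+# persistent: true
+...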
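Review bot: The first `input` rule uses `dst: gitea`, but the `zones` map in this file declares only `users-internet-allowed`, `mgmt`, `adm` and `internet`, so unless the loader resolves zone names from somewhere not visible here, the example opens TCP 22 from `internet` to an undefined destination. Declaring it beside the other zones, e.g. `gitea:` with `addrs: <gitea-host-address>` (placeholder), would make the rule self-contained and reviewable. That rule also spells the key `dst`, while the commented-out forward rule still uses `dest`, so one of the two will be wrong once the block is re-enabled. The commented-out rules have no explanation; a line above them such as `# disabled: not handled yet, kept for reference` (if that is the reason) would tell readers that this example defines no output, forward or nat policy and that ICMP and backbone traffic fall through to whatever the default verdict is.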


@ -0,0 +1,3 @@
---
- 192.168.1.0/24
...