add sample policy file

author: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> 2012-05-01 05:52:31 +0000
committer: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> 2012-05-01 05:52:31 +0000
commit: 9814104f876a1086b317489a9ca5e227e9e68d41 (patch)
tree: 2c00d479b75f9f0e19b60e995207190bb5d5238e
parent: 9c505451ac419e035370a50391aad6e0f65f9221 (diff)
download: awall-9814104f876a1086b317489a9ca5e227e9e68d41.tar.bz2
awall-9814104f876a1086b317489a9ca5e227e9e68d41.tar.xz
1 files changed, 40 insertions, 0 deletions
diff --git a/sample-policy.json b/sample-policy.json
new file mode 100644
index 0000000..73850c3
--- /dev/null
+++ b/sample-policy.json
@@ -0,0 +1,40 @@
+{
+  "variable": { "internet_if": "eth0" },
+
+  "zone": {
+    "internet": { "iface": "$internet_if" }
+  },
+
+  "policy": [
+    { "in": "internet", "action": "drop" },
+    { "action": "reject" }
+  ]
+
+  "filter": [
+    {
+      "in": "internet",
+      "service": "ping",
+      "action": "accept",
+      "flow-limit": { "count": 10, "interval": 6 }
+    },
+    {
+      "in": "internet",
+      "out": "_fw",
+      "service": "ssh",
+      "action": "accept",
+      "conn-limit": { "count": 3, "interval": 60 }
+    },
+
+    {
+      "in": "_fw",
+      "out": "internet",
+      "service": [ "dns", "http", "ntp" ],
+      "action": "accept"
+    },
+    {
+      "in": "_fw",
+      "service": [ "ping", "ssh" ],
+      "action": "accept"
+    }
+  ]
+}
author	Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>	2012-05-01 05:52:31 +0000
committer	Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>	2012-05-01 05:52:31 +0000
commit	9814104f876a1086b317489a9ca5e227e9e68d41 (patch)
tree	2c00d479b75f9f0e19b60e995207190bb5d5238e
parent	9c505451ac419e035370a50391aad6e0f65f9221 (diff)
download	awall-9814104f876a1086b317489a9ca5e227e9e68d41.tar.bz2 awall-9814104f876a1086b317489a9ca5e227e9e68d41.tar.xz