-rw-r--r-- | sample-policy.json | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/sample-policy.json b/sample-policy.json
new file mode 100644
index 0000000..73850c3
--- /dev/null
+++ b/sample-policy.json
@@ -0,0 +1,40 @@
+{
+ "variable": { "internet_if": "eth0" },
+
+ "zone": {
+ "internet": { "iface": "$internet_if" }
+ },
+
+ "policy": [
+ { "in": "internet", "action": "drop" },
+ { "action": "reject" }
+ ]
+
+ "filter": [
+ {
+ "in": "internet",
+ "service": "ping",
+ "action": "accept",
+ "flow-limit": { "count": 10, "interval": 6 }
+ },
+ {
+ "in": "internet",
+ "out": "_fw",
+ "service": "ssh",
+ "action": "accept",
+ "conn-limit": { "count": 3, "interval": 60 }
+ },
+
+ {
+ "in": "_fw",
+ "out": "internet",
+ "service": [ "dns", "http", "ntp" ],
+ "action": "accept"
+ },
+ {
+ "in": "_fw",
+ "service": [ "ping", "ssh" ],
+ "action": "accept"
+ }
+ ]
+} |
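Review bot: The `]` that closes the `"policy"` array has no comma before `"filter"`, so the file is not valid JSON and a strict parser will reject the whole sample rather than load any rule; that line should read `],`. Separately, the last filter rule accepts `ping` and `ssh` from `_fw` with no `"out"` zone, which appears to let the firewall host open SSH sessions towards every zone, including `internet`. If that is only meant for internal hosts, the rule should name the intended zone explicitly. The internet-facing `ssh` rule is limited by `conn-limit` but is not narrowed by source, which matters to anyone who deploys the sample unchanged.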