authorKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2017-12-28 18:28:49 +0200
committerKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2018-03-06 16:09:46 +0200
commit1dba01dd8267011eae1ae705faced2858173bf95 (patch)
tree4fa34151c1cf22bf5a1a7c64a69696fa2c646b4e /dmvpn-hub.awall
parent9005bfe91119c56078bca29689e616eb0fce3353 (diff)
setup scriptv0.1.0
Diffstat (limited to 'dmvpn-hub.awall')
-rw-r--r--dmvpn-hub.awall43
1 files changed, 43 insertions, 0 deletions
diff --git a/dmvpn-hub.awall b/dmvpn-hub.awall
new file mode 100644
index 0000000..7bf13d6
--- /dev/null
+++ b/dmvpn-hub.awall
@@ -0,0 +1,43 @@
+{
+ "zone": {
+ "dmvpn-ipsec": { "addr": "0.0.0.0/0" },
+ "dmvpn-gre": { "addr": "0.0.0.0/0", "ipsec": true },
+ "dmvpn-bgp": {
+ "iface": "$dmvpn_gre_iface", "addr": "0.0.0.0/0"
+ },
+ "dmvpn": { "iface": "$dmvpn_gre_iface", "route-back": true }
+ },
+ "log": {
+ "dmvpn": {
+ "mode": "nflog",
+ "group": "$dmvpn_nflog_group",
+ "range": 128,
+ "limit": {
+ "interval": 15,
+ "src-mask": "$dmvpn_site_mask",
+ "dest-mask": "$dmvpn_site_mask"
+ }
+ }
+ },
+ "packet-log": [ { "in": "dmvpn", "out": "dmvpn", "log": "dmvpn" } ],
+ "filter": [
+ {
+ "in": "_fw",
+ "service": [
+ "dns",
+ "http",
+ "https",
+ "ldap",
+ "ldaps",
+ "ntp"
+ ]
+ },
+ { "in": "dmvpn-ipsec", "out": "_fw", "service": "ipsec" },
+ { "in": "_fw", "out": "dmvpn-ipsec", "service": "ipsec" },
+ { "in": "dmvpn-gre", "out": "_fw", "service": "gre" },
+ { "in": "_fw", "out": "dmvpn-gre", "service": "gre" },
+ { "in": "dmvpn-bgp", "out": "_fw", "service": "bgp" },
+ { "in": "_fw", "out": "dmvpn-bgp", "service": "bgp" },
+ { "in": "dmvpn", "out": "dmvpn" }
+ ]
+}
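Review bot: The last filter rule, `{ "in": "dmvpn", "out": "dmvpn" }`, names no service, and the `dmvpn` zone it refers to has no `addr`. Assuming awall's default accept action, the hub therefore forwards every protocol between any two peers arriving on `$dmvpn_gre_iface`, whatever source address they present. If the overlay's site prefixes are known, bounding the zone would keep a spoke from sourcing traffic outside them, e.g. `"dmvpn": { "iface": "$dmvpn_gre_iface", "addr": "$PLACEHOLDER_overlay_prefixes", "route-back": true }` (placeholder variable, not defined on this page). The same reasoning applies to `dmvpn-bgp`, where `"addr": "0.0.0.0/0"` lets any address seen on the tunnel interface reach the hub's BGP port. Separately, the `dmvpn` log is rate-limited per `$dmvpn_site_mask` pair with `"interval": 15`, so the NFLOG output looks like a sample of inter-site flows rather than a complete record, which is worth stating in a top-level `"description"`.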