diff options
author | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2017-12-28 18:28:49 +0200 |
---|---|---|
committer | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2018-03-06 16:09:46 +0200 |
commit | 1dba01dd8267011eae1ae705faced2858173bf95 (patch) | |
tree | 4fa34151c1cf22bf5a1a7c64a69696fa2c646b4e /dmvpn-hub.awall | |
parent | 9005bfe91119c56078bca29689e616eb0fce3353 (diff) | |
download | dmvpn-tools-1dba01dd8267011eae1ae705faced2858173bf95.tar.bz2 dmvpn-tools-1dba01dd8267011eae1ae705faced2858173bf95.tar.xz |
setup scriptv0.1.0
Diffstat (limited to 'dmvpn-hub.awall')
-rw-r--r-- | dmvpn-hub.awall | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/dmvpn-hub.awall b/dmvpn-hub.awall new file mode 100644 index 0000000..7bf13d6 --- /dev/null +++ b/dmvpn-hub.awall @@ -0,0 +1,43 @@ +{ + "zone": { + "dmvpn-ipsec": { "addr": "0.0.0.0/0" }, + "dmvpn-gre": { "addr": "0.0.0.0/0", "ipsec": true }, + "dmvpn-bgp": { + "iface": "$dmvpn_gre_iface", "addr": "0.0.0.0/0" + }, + "dmvpn": { "iface": "$dmvpn_gre_iface", "route-back": true } + }, + "log": { + "dmvpn": { + "mode": "nflog", + "group": "$dmvpn_nflog_group", + "range": 128, + "limit": { + "interval": 15, + "src-mask": "$dmvpn_site_mask", + "dest-mask": "$dmvpn_site_mask" + } + } + }, + "packet-log": [ { "in": "dmvpn", "out": "dmvpn", "log": "dmvpn" } ], + "filter": [ + { + "in": "_fw", + "service": [ + "dns", + "http", + "https", + "ldap", + "ldaps", + "ntp" + ] + }, + { "in": "dmvpn-ipsec", "out": "_fw", "service": "ipsec" }, + { "in": "_fw", "out": "dmvpn-ipsec", "service": "ipsec" }, + { "in": "dmvpn-gre", "out": "_fw", "service": "gre" }, + { "in": "_fw", "out": "dmvpn-gre", "service": "gre" }, + { "in": "dmvpn-bgp", "out": "_fw", "service": "bgp" }, + { "in": "_fw", "out": "dmvpn-bgp", "service": "bgp" }, + { "in": "dmvpn", "out": "dmvpn" } + ] +} |