From 1dba01dd8267011eae1ae705faced2858173bf95 Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen
Date: Thu, 28 Dec 2017 18:28:49 +0200
Subject: setup script
---
 dmvpn-hub.awall | 43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 dmvpn-hub.awall
(limited to 'dmvpn-hub.awall')
diff --git a/dmvpn-hub.awall b/dmvpn-hub.awall
new file mode 100644
index 0000000..7bf13d6
--- /dev/null
+++ b/dmvpn-hub.awall
@@ -0,0 +1,43 @@
+{
+ "zone": {
+ "dmvpn-ipsec": { "addr": "0.0.0.0/0" },
+ "dmvpn-gre": { "addr": "0.0.0.0/0", "ipsec": true },
+ "dmvpn-bgp": {
+ "iface": "$dmvpn_gre_iface", "addr": "0.0.0.0/0"
+ },
+ "dmvpn": { "iface": "$dmvpn_gre_iface", "route-back": true }
+ },
+ "log": {
+ "dmvpn": {
+ "mode": "nflog",
+ "group": "$dmvpn_nflog_group",
+ "range": 128,
+ "limit": {
+ "interval": 15,
+ "src-mask": "$dmvpn_site_mask",
+ "dest-mask": "$dmvpn_site_mask"
+ }
+ }
+ },
+ "packet-log": [ { "in": "dmvpn", "out": "dmvpn", "log": "dmvpn" } ],
+ "filter": [
+ {
+ "in": "_fw",
+ "service": [
+ "dns",
+ "http",
+ "https",
+ "ldap",
+ "ldaps",
+ "ntp"
+ ]
+ },
+ { "in": "dmvpn-ipsec", "out": "_fw", "service": "ipsec" },
+ { "in": "_fw", "out": "dmvpn-ipsec", "service": "ipsec" },
+ { "in": "dmvpn-gre", "out": "_fw", "service": "gre" },
+ { "in": "_fw", "out": "dmvpn-gre", "service": "gre" },
+ { "in": "dmvpn-bgp", "out": "_fw", "service": "bgp" },
+ { "in": "_fw", "out": "dmvpn-bgp", "service": "bgp" },
+ { "in": "dmvpn", "out": "dmvpn" }
+ ]
+}
-- 
cgit v1.2.3
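Review bot: The first `filter` rule has `"in": "_fw"` and no `out`, so the hub itself may open dns, http, https, ldap, ldaps and ntp connections towards any zone, including the unencrypted `ldap` and `http` services. If the hub only needs these towards known servers, scope the rule with an `out` zone, e.g. `"out": "<mgmt-zone>"` (placeholder; no such zone is defined in this file), and drop `ldap` where `ldaps` is sufficient. The last rule, `{ "in": "dmvpn", "out": "dmvpn" }`, relies on awall's default accept action and forwards every protocol between spokes, with only the rate-limited NFLOG entry as a record. Writing `"action": "accept"` explicitly and adding a top-level `"description"` would make that intent visible, since the JSON policy cannot carry comments.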