From 866b4ac69bca08d8b1fd0f1970933ce6e240d29b Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen
Date: Wed, 5 Sep 2018 16:43:10 +0300
Subject: setup-dmvpn: configure spoke firewall if active
---
 dmvpn-hub.awall | 25 +++----------------------
 1 file changed, 3 insertions(+), 22 deletions(-)
(limited to 'dmvpn-hub.awall')
diff --git a/dmvpn-hub.awall b/dmvpn-hub.awall
index 067230e..7d9f8ef 100644
--- a/dmvpn-hub.awall
+++ b/dmvpn-hub.awall
@@ -1,12 +1,6 @@
 {
- "zone": {
- "dmvpn-ipsec": { "addr": "0.0.0.0/0" },
- "dmvpn-gre": { "addr": "0.0.0.0/0", "ipsec": true },
- "dmvpn-bgp": {
- "iface": "$dmvpn_gre_iface", "addr": "0.0.0.0/0"
- },
- "dmvpn": { "iface": "$dmvpn_gre_iface", "route-back": true }
- },
+ "description": "DMVPN hub",
+ "import": "dmvpn",
 "log": {
 "dmvpn": {
 "mode": "nflog",
@@ -19,18 +13,5 @@
 }
 }
 },
- "packet-log": [ { "in": "dmvpn", "out": "dmvpn", "log": "dmvpn" } ],
- "filter": [
- {
- "in": "_fw",
- "service": [ "dns", "http", "https", "ldap", "ldaps" ]
- },
- { "in": "dmvpn-ipsec", "out": "_fw", "service": "ipsec" },
- { "in": "_fw", "out": "dmvpn-ipsec", "service": "ipsec" },
- { "in": "dmvpn-gre", "out": "_fw", "service": "gre" },
- { "in": "_fw", "out": "dmvpn-gre", "service": "gre" },
- { "in": "dmvpn-bgp", "out": "_fw", "service": "bgp" },
- { "in": "_fw", "out": "dmvpn-bgp", "service": "bgp" },
- { "in": "dmvpn", "out": "dmvpn" }
- ]
+ "packet-log": [ { "in": "dmvpn", "out": "dmvpn", "log": "dmvpn" } ]
 }
-- 
cgit v1.2.3
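Review bot: The `log` and `packet-log` entries kept in this file still name the zone `dmvpn`, which after the first hunk (`@@ -1,12 +1,6 @@`) is defined only in the imported `dmvpn` policy. That policy is not visible here (the page is limited to dmvpn-hub.awall), so it should be confirmed that it still declares `dmvpn` with `"route-back": true` and `dmvpn-gre` with `"ipsec": true`. Without the latter, the GRE accept rule would match any source in 0.0.0.0/0 rather than only IPsec-protected traffic. The new description could record the dependency, for example `"description": "DMVPN hub (zones and filter rules come from the dmvpn policy)"`.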
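Review bot: The second hunk (`@@ -19,18 +13,5 @@`) removes the whole `filter` list, including the `_fw` egress rule for dns/http/https/ldap/ldaps and the `{ "in": "dmvpn", "out": "dmvpn" }` forwarding rule, while the `packet-log` entry for that traffic stays. The commit title suggests the shared `dmvpn` policy is now also applied on spokes; if these two rules moved there, spokes would presumably inherit tunnel-to-tunnel forwarding and the extra egress services as well. If that behaviour is meant for the hub only, the rules are better kept in this file, for example `"filter": [ { "in": "dmvpn", "out": "dmvpn" } ]`, with the shared policy limited to the ipsec/gre/bgp rules.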