dmvpn-hub.awall


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43

{
	"zone": {
		"dmvpn-ipsec": { "addr": "0.0.0.0/0" },
		"dmvpn-gre": { "addr": "0.0.0.0/0", "ipsec": true },
		"dmvpn-bgp": {
			"iface": "$dmvpn_gre_iface", "addr": "0.0.0.0/0"
		},
		"dmvpn": { "iface": "$dmvpn_gre_iface", "route-back": true }
	},
	"log": {
		"dmvpn": {
			"mode": "nflog",
			"group": "$dmvpn_nflog_group",
			"range": 128,
			"limit": {
				"interval": 15,
				"src-mask": "$dmvpn_site_mask",
				"dest-mask": "$dmvpn_site_mask"
			}
		}
	},
	"packet-log": [ { "in": "dmvpn", "out": "dmvpn", "log": "dmvpn" } ],
	"filter": [
		{
			"in": "_fw",
			"service": [
				"dns",
				"http",
				"https",
				"ldap",
				"ldaps",
				"ntp"
			]
		},
		{ "in": "dmvpn-ipsec", "out": "_fw", "service": "ipsec" },
		{ "in": "_fw", "out": "dmvpn-ipsec", "service": "ipsec" },
		{ "in": "dmvpn-gre", "out": "_fw", "service": "gre" },
		{ "in": "_fw", "out": "dmvpn-gre", "service": "gre" },
		{ "in": "dmvpn-bgp", "out": "_fw", "service": "bgp" },
		{ "in": "_fw", "out": "dmvpn-bgp", "service": "bgp" },
		{ "in": "dmvpn", "out": "dmvpn" }
	]
}