aboutsummaryrefslogtreecommitdiffstats
path: root/dmvpn-hub.awall
blob: 067230e0166e786a60b8cdec12844f31a3643b0e (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
{
	"zone": {
		"dmvpn-ipsec": { "addr": "0.0.0.0/0" },
		"dmvpn-gre": { "addr": "0.0.0.0/0", "ipsec": true },
		"dmvpn-bgp": {
			"iface": "$dmvpn_gre_iface", "addr": "0.0.0.0/0"
		},
		"dmvpn": { "iface": "$dmvpn_gre_iface", "route-back": true }
	},
	"log": {
		"dmvpn": {
			"mode": "nflog",
			"group": "$dmvpn_nflog_group",
			"range": 128,
			"limit": {
				"interval": 15,
				"src-mask": "$dmvpn_site_mask",
				"dest-mask": "$dmvpn_site_mask"
			}
		}
	},
	"packet-log": [ { "in": "dmvpn", "out": "dmvpn", "log": "dmvpn" } ],
	"filter": [
		{
			"in": "_fw",
			"service": [ "dns", "http", "https", "ldap", "ldaps" ]
		},
		{ "in": "dmvpn-ipsec", "out": "_fw", "service": "ipsec" },
		{ "in": "_fw", "out": "dmvpn-ipsec", "service": "ipsec" },
		{ "in": "dmvpn-gre", "out": "_fw", "service": "gre" },
		{ "in": "_fw", "out": "dmvpn-gre", "service": "gre" },
		{ "in": "dmvpn-bgp", "out": "_fw", "service": "bgp" },
		{ "in": "_fw", "out": "dmvpn-bgp", "service": "bgp" },
		{ "in": "dmvpn", "out": "dmvpn" }
	]
}