sample-policy.json 799 Bytes
{
  "description": "Sample awall policy; copy to /etc/awall to use",

  "variable": { "internet_if": "eth0" },

  "zone": {
    "internet": { "iface": "$internet_if" }
  },

  "policy": [
    { "in": "internet", "action": "drop" },
    { "action": "reject" }
  ]

  "filter": [
    {
      "in": "internet",
      "service": "ping",
      "action": "accept",
      "flow-limit": { "count": 10, "interval": 6 }
    },
    {
      "in": "internet",
      "out": "_fw",
      "service": "ssh",
      "action": "accept",
      "conn-limit": { "count": 3, "interval": 60 }
    },

    {
      "in": "_fw",
      "out": "internet",
      "service": [ "dns", "http", "ntp" ],
      "action": "accept"
    },
    {
      "in": "_fw",
      "service": [ "ping", "ssh" ],
      "action": "accept"
    }
  ]
}