Commit dbe6ba03 authored by Kaarle Ritvanen's avatar Kaarle Ritvanen

basic default policies

parent 57d9d985
......@@ -35,6 +35,7 @@ endef
$(eval $(call copy,awall,usr/share/lua/$(LUA_VERSION)/awall,lua))
$(eval $(call copy,mandatory,$(resdir)/mandatory,json))
$(eval $(call copy,optional,$(resdir)/optional,json))
$(eval $(call rename,awall-cli,usr/sbin/awall,755))
$(eval $(call rename,sample-policy.json,$(resdir)/sample/sample-policy.json,644))
......
{
"description": "Allow DHCP",
"filter": [
{ "in": "$DHCP_ZONES", "out": "_fw", "service": "dhcp" },
{ "in": "_fw", "out": "$DHCP_ZONES", "service": "dhcp" }
]
}
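Review bot: Both rules depend on `$DHCP_ZONES`, and nothing visible in this commit defines it or says what happens when it is unset, so an administrator enabling this policy cannot tell which zones will exchange DHCP traffic with the firewall. JSON has no comments, so the description is the place to record it, for example `"description": "Allow DHCP between the firewall and the zones listed in DHCP_ZONES"`. The Router file has the same gap for `$LAN_IFACES`, `$LAN_ADDRS` and `$LAN_PRIVATE_ADDRS`.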
{
"description": "DNS client",
"filter": [ { "in": "_fw", "out": "wan", "service": "dns" } ]
}
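Review bot: The rule names a `wan` zone that no file shown in this commit defines, so whether this policy matches anything presumably depends on a zone declared by another policy. The HTTP client, NTP client, ICMP echo, Router and SSH server files make the same assumption. State the requirement in the description, e.g. `"description": "DNS client (requires a zone named wan)"`, or confirm that translation fails loudly when the zone is missing rather than silently producing no rule.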
{
"description": "HTTP client",
"filter": [ { "in": "_fw", "out": "wan", "service": "http" } ]
}
{
"description": "NTP client",
"filter": [ { "in": "_fw", "out": "wan", "service": "ntp" } ]
}
{
"description": "Allow ICMP echo request",
"after": "router",
"filter": [
{ "in": "wan", "service": "ping", "flow-limit": 3 },
{ "service": "ping" }
]
}
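Review bot: The second rule, `{ "service": "ping" }`, has neither `in` nor `out`, so it also matches echo requests arriving from `wan`. The `flow-limit` on the first rule therefore only helps if over-limit packets are dropped there instead of continuing to the next rule. That behaviour is decided by the rule translator, which is not part of this page, so it should be confirmed and covered by a test of the generated rules. The SSH server file uses the same limited-rule-then-catch-all pattern and depends on the same behaviour. Recording the intent in the description, e.g. `"description": "Allow ICMP echo request (rate-limited from wan)"`, would make the ordering dependency visible.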
{
"description": "Router",
"zone": { "lan": { "iface": "$LAN_IFACES", "addr": "$LAN_ADDRS" } },
"filter": [
{ "in": "wan", "dest": "$LAN_PRIVATE_ADDRS", "action": "drop" }
],
"policy": [ { "in": "lan", "out": "wan" } ],
"nat": [ { "out": "wan", "src": "$LAN_PRIVATE_ADDRS" } ]
}
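Review bot: The only filter rule drops traffic from `wan` whose destination is in `$LAN_PRIVATE_ADDRS`; packets arriving on `wan` with a source address in that range are not rejected here. Unless source validation is done elsewhere (a mandatory policy or kernel reverse-path filtering, neither visible on this page), consider adding `{ "in": "wan", "src": "$LAN_PRIVATE_ADDRS", "action": "drop" }` next to it. The `policy` entry for `lan` to `wan` also carries no `action`, so the file relies on an implicit default; spelling the action out would make the intent reviewable.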
{
"description": "SSH server",
"filter": [
{
"in": "wan",
"out": "_fw",
"service": "ssh",
"conn-limit": { "count": 1, "interval": 10 }
},
{ "out": "_fw", "service": "ssh" }
]
}
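Review bot: The `conn-limit` of one connection per ten seconds on the `wan` rule does not say whether it is counted per source address or across all sources. If it is a shared counter, unrelated connection attempts from the internet can use up the allowance and keep a legitimate administrator out. The scope should be confirmed in the limit implementation and stated in the description, e.g. `"description": "SSH server (new connections from wan rate-limited)"`. The policy's documentation should also say that enabling it makes the firewall's own SSH port reachable from `wan`.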