container-server/setup/awall/default.json


{
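"description": "Default policy: drop traffic entering from the internet zone, accept traffic from loopback, the firewall host itself (_fw) and the container interfaces, reject everything else",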
"variable": {
"loop_if": "lo",
"internet_if": "eth0",
"container_if": ["docker+", "br-+"]
},
"zone": {
"lo": { "iface": "$loop_if" },
"internet": { "iface": "$internet_if" },
"container": { "iface": "$container_if" }
},
"policy": [
{ "in": "internet", "action": "drop" },
{ "in": "lo", "action": "accept" },
{ "in": "_fw", "action": "accept" },
{ "in": "container", "action": "accept" },
{ "action": "reject" }
],
"filter": [
{
"in": "internet",
"service": "ping",
"action": "accept",
"flow-limit": { "count": 10, "interval": 6 }
}
]
}