2022-11-13 01:10:26 +01:00
|
|
|
{
|
|
|
|
"description": "default drop/reject all",
|
|
|
|
|
|
|
|
"variable": {
|
2022-11-23 21:44:02 +01:00
|
|
|
"loop_if": "lo",
|
2022-11-13 01:10:26 +01:00
|
|
|
"internet_if": "eth0",
|
2023-08-09 11:34:50 +02:00
|
|
|
"container_if": "docker+"
|
2022-11-13 01:10:26 +01:00
|
|
|
},
|
|
|
|
|
|
|
|
"zone": {
|
2022-11-23 21:44:02 +01:00
|
|
|
"lo": { "iface": "$loop_if" },
|
2022-11-13 01:10:26 +01:00
|
|
|
"internet": { "iface": "$internet_if" },
|
|
|
|
"container": { "iface": "$container_if" }
|
|
|
|
},
|
|
|
|
|
|
|
|
"policy": [
|
|
|
|
{ "in": "internet", "action": "drop" },
|
2022-11-23 21:44:02 +01:00
|
|
|
{ "in": "lo", "action": "accept" },
|
|
|
|
{ "in": "_fw", "action": "accept" },
|
|
|
|
{ "in": "container", "action": "accept" },
|
2022-11-13 01:10:26 +01:00
|
|
|
{ "action": "reject" }
|
|
|
|
],
|
|
|
|
|
|
|
|
"filter": [
|
|
|
|
{
|
|
|
|
"in": "internet",
|
|
|
|
"service": "ping",
|
|
|
|
"action": "accept",
|
|
|
|
"flow-limit": { "count": 10, "interval": 6 }
|
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|