{ "description": "default drop/reject all", "variable": { "loop_if": "lo", "internet_if": "eth0", "container_if": "docker+" }, "zone": { "lo": { "iface": "$loop_if" }, "internet": { "iface": "$internet_if" }, "container": { "iface": "$container_if" } }, "policy": [ { "in": "internet", "action": "drop" }, { "in": "lo", "action": "accept" }, { "in": "_fw", "action": "accept" }, { "in": "container", "action": "accept" }, { "action": "reject" } ], "filter": [ { "in": "internet", "service": "ping", "action": "accept", "flow-limit": { "count": 10, "interval": 6 } } ] }