#!/bin/vbash
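# General configuration
#
# Global connection-state policy. The rulesets that reference the groups
# defined later in this file are not part of this listing.
# NOTE(review): this is the older `firewall state-policy` syntax; later VyOS
# releases moved it under `firewall global-options state-policy` - confirm
# against the release this script targets.

# Packets of already-tracked connections are accepted on state alone.
# Operational consequence: tightening a rule or removing an address from a
# group does not cut flows that are already established; they presumably
# persist until the conntrack entry expires or is cleared - verify on the box.
set firewall state-policy established action 'accept'

# Packets that conntrack cannot tie to a valid connection are dropped.
set firewall state-policy invalid action 'drop'

# RELATED covers ICMP errors and secondary connections created by conntrack
# helpers. NOTE(review): which helpers are enabled is not visible here; keep
# that list minimal, since every helper widens what this line accepts.
set firewall state-policy related action 'accept'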
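# Address Groups
#
# Every group in this file is a list of literal IPv4 addresses. A rule that
# references a group therefore trusts whichever host currently holds the
# address. NOTE(review): the address pinning (static DHCP mappings or static
# configuration) is not shown here - confirm it exists for every entry.

# ios_devices: 10.1.2.31 - 10.1.2.36.
# The same six addresses are listed in plex_clients, all but 10.1.2.35 are in
# sonos_controllers, and 10.1.2.32 is also in mqtt_clients, so a change to one
# of these hosts has to be mirrored in each of those groups.
set firewall group address-group ios_devices address '10.1.2.31'
set firewall group address-group ios_devices address '10.1.2.32'
set firewall group address-group ios_devices address '10.1.2.33'
set firewall group address-group ios_devices address '10.1.2.34'
set firewall group address-group ios_devices address '10.1.2.35'
set firewall group address-group ios_devices address '10.1.2.36'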
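# Kubernetes-related groups.

# k8s_api: single address in 10.5.0.x, the same range as vyos_coredns and
# vyos_unifi further down. NOTE(review): presumably an API endpoint hosted on
# or next to the router rather than on a node - confirm.
set firewall group address-group k8s_api address '10.5.0.2'

# k8s_ingress holds both ingress controllers:
#   10.45.0.1  external nginx
#   10.45.0.3  internal nginx
# NOTE(review): because both share one group, any rule that references
# k8s_ingress treats the externally facing and the internal controller alike.
# If the rulesets are meant to expose them differently, split the group.
set firewall group address-group k8s_ingress address '10.45.0.1'
set firewall group address-group k8s_ingress address '10.45.0.3'

# k8s_ingress_allowed: sources permitted towards the ingress (inferred from
# the name; the rule itself is not in this listing).
# NOTE(review): 10.1.3.35 and 10.1.3.36 are also members of mqtt_clients,
# where the inline comments label them "SwitchBot Plug Mini 3" and "4".
# Confirm that smart plugs are meant to be on an ingress allow-list, or that
# the addresses were not reassigned without this group being updated.
set firewall group address-group k8s_ingress_allowed address '10.1.3.35'
set firewall group address-group k8s_ingress_allowed address '10.1.3.36'

# k8s_mqtt: service address inside 10.45.0.0/16 (network-group k8s_services).
set firewall group address-group k8s_mqtt address '10.45.0.10'

# k8s_nodes: 10.1.1.41 - .46 and 10.1.1.61 - .63.
# Keep this list in step with the cluster: an address that stays here after
# its node is retired keeps node-level access for whatever host takes it over.
set firewall group address-group k8s_nodes address '10.1.1.41'
set firewall group address-group k8s_nodes address '10.1.1.42'
set firewall group address-group k8s_nodes address '10.1.1.43'
set firewall group address-group k8s_nodes address '10.1.1.44'
set firewall group address-group k8s_nodes address '10.1.1.45'
set firewall group address-group k8s_nodes address '10.1.1.46'
set firewall group address-group k8s_nodes address '10.1.1.61'
set firewall group address-group k8s_nodes address '10.1.1.62'
set firewall group address-group k8s_nodes address '10.1.1.63'

# Further single-address service groups, all inside 10.45.0.0/16.
set firewall group address-group k8s_hass address '10.45.0.5'
set firewall group address-group k8s_plex address '10.45.0.20'
set firewall group address-group k8s_vector_aggregator address '10.45.0.2'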
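# mqtt_clients: hosts allowed to reach the MQTT service (inferred from the
# name; the rule that uses the group is not in this listing).
# NOTE(review): the first five entries carry no label. Adding one per entry,
# as done for the SwitchBot plugs, makes a stale or reassigned address much
# easier to spot in review.
set firewall group address-group mqtt_clients address '10.1.2.21'
set firewall group address-group mqtt_clients address '10.1.2.32'
set firewall group address-group mqtt_clients address '10.1.3.18'
set firewall group address-group mqtt_clients address '10.1.3.22'
set firewall group address-group mqtt_clients address '10.1.3.56'
set firewall group address-group mqtt_clients address '10.1.3.33' # SwitchBot Plug Mini 1
set firewall group address-group mqtt_clients address '10.1.3.34' # SwitchBot Plug Mini 2
# NOTE(review): 10.1.3.35 and 10.1.3.36 are also the only members of
# k8s_ingress_allowed. Confirm both memberships are intended for these plugs.
set firewall group address-group mqtt_clients address '10.1.3.35' # SwitchBot Plug Mini 3
set firewall group address-group mqtt_clients address '10.1.3.36' # SwitchBot Plug Mini 4

# hass_clients: single member.
set firewall group address-group hass_clients address '10.1.4.12'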
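# nas: single storage host.
set firewall group address-group nas address '10.1.1.11'

# plex_clients: 10.1.2.21, the six ios_devices addresses (10.1.2.31 - .36)
# and 10.1.3.16.
set firewall group address-group plex_clients address '10.1.2.21'
set firewall group address-group plex_clients address '10.1.2.31'
set firewall group address-group plex_clients address '10.1.2.32'
set firewall group address-group plex_clients address '10.1.2.33'
set firewall group address-group plex_clients address '10.1.2.34'
set firewall group address-group plex_clients address '10.1.2.35'
set firewall group address-group plex_clients address '10.1.2.36'
set firewall group address-group plex_clients address '10.1.3.16'

# printers: 10.1.3.55 is also the only member of the scanners group.
set firewall group address-group printers address '10.1.3.55'

# printer_allowed: source permitted towards the printers (inferred from the
# name). NOTE(review): 192.168.2.11 is the only address in this file outside
# 10.0.0.0/8. Confirm which network it belongs to and that the rule using this
# group is bound to the interface or zone where that network is reachable, so
# the match cannot be satisfied from another segment.
set firewall group address-group printer_allowed address '192.168.2.11'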
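# sonos_controllers: hosts that control the players.
# NOTE(review): 10.1.2.35 is absent although it is a member of ios_devices and
# plex_clients alongside .31 - .34 and .36. Confirm the gap is deliberate.
set firewall group address-group sonos_controllers address '10.1.2.21'
set firewall group address-group sonos_controllers address '10.1.2.31'
set firewall group address-group sonos_controllers address '10.1.2.32'
set firewall group address-group sonos_controllers address '10.1.2.33'
set firewall group address-group sonos_controllers address '10.1.2.34'
set firewall group address-group sonos_controllers address '10.1.2.36'

# sonos_players: 10.1.3.71 - 10.1.3.74.
set firewall group address-group sonos_players address '10.1.3.71'
set firewall group address-group sonos_players address '10.1.3.72'
set firewall group address-group sonos_players address '10.1.3.73'
set firewall group address-group sonos_players address '10.1.3.74'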
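# scanners: same address as the printers group (presumably one multifunction
# device - confirm). Rules written for either group apply to the same host.
set firewall group address-group scanners address '10.1.3.55'

# unifi_devices: 10.1.0.11 - .13 and 10.1.0.21 - .24.
# NOTE(review): these are presumably the network devices managed by the
# controller at vyos_unifi; keep the list limited to adopted devices so that
# no other host on 10.1.0.x inherits their access to the controller.
set firewall group address-group unifi_devices address '10.1.0.11'
set firewall group address-group unifi_devices address '10.1.0.12'
set firewall group address-group unifi_devices address '10.1.0.13'
set firewall group address-group unifi_devices address '10.1.0.21'
set firewall group address-group unifi_devices address '10.1.0.22'
set firewall group address-group unifi_devices address '10.1.0.23'
set firewall group address-group unifi_devices address '10.1.0.24'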
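# vector_journald_allowed: hosts permitted to ship journald logs (inferred
# from the name). 10.1.3.56 is also a member of mqtt_clients.
# Log ingestion is worth restricting tightly: any host in this group can
# write into the log pipeline that detection and forensics later rely on.
set firewall group address-group vector_journald_allowed address '10.1.3.56'
set firewall group address-group vector_journald_allowed address '10.1.3.60'

# Services in 10.5.0.x, the same range as k8s_api (10.5.0.2).
# NOTE(review): the vyos_ prefix suggests these run on the router itself -
# confirm, and treat rules towards them as access to the router.
set firewall group address-group vyos_coredns address '10.5.0.3'
set firewall group address-group vyos_unifi address '10.5.0.10'

# k8s_services: the only network-group in this listing. A /16 spans 65,536
# addresses, while the k8s_* address-groups in this file use 10.45.0.1 - .20.
# NOTE(review): a rule that accepts traffic to this group opens the whole
# range; if only a small pool is ever assigned, a narrower prefix limits what
# such a rule permits.
set firewall group network-group k8s_services network '10.45.0.0/16'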
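# Port groups
#
# A port-group carries port numbers only. The rule that references it has to
# set the protocol itself; WireGuard runs over UDP, so that rule should match
# `udp` and nothing broader. NOTE(review): the rule is not in this listing.
# 51820 is the port conventionally used for WireGuard.
set firewall group port-group wireguard port '51820'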