Updated 'services' to 'containers'
parent
732f5d859f
commit
0d7e11047f
1 changed files with 65 additions and 57 deletions
|
@ -37,9 +37,9 @@ set firewall name guest-servers default-action 'drop'
|
|||
set firewall name guest-servers description 'From GUEST to SERVERS'
|
||||
set firewall name guest-servers enable-default-log
|
||||
|
||||
# From GUEST to SERVICES
|
||||
# From GUEST to CONTAINERS
|
||||
set firewall name guest-containers default-action 'drop'
|
||||
set firewall name guest-containers description 'From GUEST to SERVICES'
|
||||
set firewall name guest-containers description 'From GUEST to CONTAINERS'
|
||||
set firewall name guest-containers enable-default-log
|
||||
set firewall name guest-containers rule 1 action 'accept'
|
||||
set firewall name guest-containers rule 1 description 'Rule: accept_dns'
|
||||
|
@ -171,9 +171,9 @@ set firewall name iot-servers rule 10 destination port '6002'
|
|||
set firewall name iot-servers rule 10 protocol 'tcp'
|
||||
set firewall name iot-servers rule 10 source group address-group 'vector_journald_allowed'
|
||||
|
||||
# From IOT to SERVICES
|
||||
# From IOT to CONTAINERS
|
||||
set firewall name iot-containers default-action 'accept'
|
||||
set firewall name iot-containers description 'From IOT to SERVICES'
|
||||
set firewall name iot-containers description 'From IOT to CONTAINERS'
|
||||
set firewall name iot-containers rule 1 action 'accept'
|
||||
set firewall name iot-containers rule 1 description 'Rule: accept_dns'
|
||||
set firewall name iot-containers rule 1 destination port 'domain,domain-s'
|
||||
|
@ -241,9 +241,9 @@ set firewall name lan-servers rule 1 action 'accept'
|
|||
set firewall name lan-servers rule 1 description 'Rule: accept_icmp'
|
||||
set firewall name lan-servers rule 1 protocol 'icmp'
|
||||
|
||||
# From LAN to SERVICES
|
||||
# From LAN to CONTAINERS
|
||||
set firewall name lan-containers default-action 'accept'
|
||||
set firewall name lan-containers description 'From LAN to SERVICES'
|
||||
set firewall name lan-containers description 'From LAN to CONTAINERS'
|
||||
set firewall name lan-containers rule 1 action 'accept'
|
||||
set firewall name lan-containers rule 1 description 'Rule: accept_dns'
|
||||
set firewall name lan-containers rule 1 destination port 'domain,domain-s'
|
||||
|
@ -313,9 +313,9 @@ set firewall name local-servers rule 4 destination group address-group 'k8s_vect
|
|||
set firewall name local-servers rule 4 destination port '6001'
|
||||
set firewall name local-servers rule 4 protocol 'tcp'
|
||||
|
||||
# From LOCAL to SERVICES
|
||||
# From LOCAL to CONTAINERS
|
||||
set firewall name local-containers default-action 'accept'
|
||||
set firewall name local-containers description 'From LOCAL to SERVICES'
|
||||
set firewall name local-containers description 'From LOCAL to CONTAINERS'
|
||||
set firewall name local-containers rule 1 action 'accept'
|
||||
set firewall name local-containers rule 1 description 'Rule: accept_dns'
|
||||
set firewall name local-containers rule 1 destination port 'domain,domain-s'
|
||||
|
@ -385,6 +385,7 @@ set firewall name servers-iot rule 5 source group address-group 'k8s_nodes'
|
|||
# From SERVERS to LAN
|
||||
set firewall name servers-lan default-action 'drop'
|
||||
set firewall name servers-lan description 'From SERVERS to LAN'
|
||||
set firewall name servers-lan enable-default-log
|
||||
set firewall name servers-lan rule 1 action 'accept'
|
||||
set firewall name servers-lan rule 1 description 'Rule: accept_icmp'
|
||||
set firewall name servers-lan rule 1 protocol 'icmp'
|
||||
|
@ -430,9 +431,9 @@ set firewall name servers-local rule 8 destination port '3784'
|
|||
set firewall name servers-local rule 8 protocol 'udp'
|
||||
set firewall name servers-local rule 8 source group address-group 'k8s_nodes'
|
||||
|
||||
# From SERVERS to SERVICES
|
||||
# From SERVERS to CONTAINERS
|
||||
set firewall name servers-containers default-action 'accept'
|
||||
set firewall name servers-containers description 'From SERVERS to SERVICES'
|
||||
set firewall name servers-containers description 'From SERVERS to CONTAINERS'
|
||||
set firewall name servers-containers enable-default-log
|
||||
set firewall name servers-containers rule 1 action 'accept'
|
||||
set firewall name servers-containers rule 1 description 'Rule: accept_dns'
|
||||
|
@ -446,6 +447,7 @@ set firewall name servers-containers rule 2 protocol 'tcp'
|
|||
# From SERVERS to TRUSTED
|
||||
set firewall name servers-trusted default-action 'drop'
|
||||
set firewall name servers-trusted description 'From SERVERS to TRUSTED'
|
||||
set firewall name servers-trusted enable-default-log
|
||||
set firewall name servers-trusted rule 1 action 'accept'
|
||||
set firewall name servers-trusted rule 1 description 'Rule: accept_icmp'
|
||||
set firewall name servers-trusted rule 1 protocol 'icmp'
|
||||
|
@ -466,55 +468,55 @@ set firewall name servers-video rule 2 source group address-group 'k8s_nodes'
|
|||
set firewall name servers-wan default-action 'accept'
|
||||
set firewall name servers-wan description 'From SERVERS to WAN'
|
||||
|
||||
# From SERVICES to GUEST
|
||||
set firewall name services-guest default-action 'drop'
|
||||
set firewall name services-guest description 'From SERVICES to GUEST'
|
||||
set firewall name services-guest enable-default-log
|
||||
# From CONTAINERS to GUEST
|
||||
set firewall name containers-guest default-action 'drop'
|
||||
set firewall name containers-guest description 'From CONTAINERS to GUEST'
|
||||
set firewall name containers-guest enable-default-log
|
||||
|
||||
# From SERVICES to IOT
|
||||
set firewall name services-iot default-action 'drop'
|
||||
set firewall name services-iot description 'From SERVICES to IOT'
|
||||
set firewall name services-iot enable-default-log
|
||||
# From CONTAINERS to IOT
|
||||
set firewall name containers-iot default-action 'drop'
|
||||
set firewall name containers-iot description 'From CONTAINERS to IOT'
|
||||
set firewall name containers-iot enable-default-log
|
||||
|
||||
# From SERVICES to LAN
|
||||
set firewall name services-lan default-action 'drop'
|
||||
set firewall name services-lan description 'From SERVICES to LAN'
|
||||
set firewall name services-lan enable-default-log
|
||||
# From CONTAINERS to LAN
|
||||
set firewall name containers-lan default-action 'drop'
|
||||
set firewall name containers-lan description 'From CONTAINERS to LAN'
|
||||
set firewall name containers-lan enable-default-log
|
||||
|
||||
# From SERVICES to LOCAL
|
||||
set firewall name services-local default-action 'drop'
|
||||
set firewall name services-local description 'From SERVICES to LOCAL'
|
||||
set firewall name services-local enable-default-log
|
||||
set firewall name services-local rule 1 action 'accept'
|
||||
set firewall name services-local rule 1 description 'Rule: accept_ntp'
|
||||
set firewall name services-local rule 1 destination port 'ntp'
|
||||
set firewall name services-local rule 1 protocol 'udp'
|
||||
set firewall name services-local rule 2 action 'accept'
|
||||
set firewall name services-local rule 2 description 'Rule: accept_dhcp'
|
||||
set firewall name services-local rule 2 destination port '67,68'
|
||||
set firewall name services-local rule 2 protocol 'udp'
|
||||
set firewall name services-local rule 2 source port '67,68'
|
||||
# From CONTAINERS to LOCAL
|
||||
set firewall name containers-local default-action 'drop'
|
||||
set firewall name containers-local description 'From CONTAINERS to LOCAL'
|
||||
set firewall name containers-local enable-default-log
|
||||
set firewall name containers-local rule 1 action 'accept'
|
||||
set firewall name containers-local rule 1 description 'Rule: accept_ntp'
|
||||
set firewall name containers-local rule 1 destination port 'ntp'
|
||||
set firewall name containers-local rule 1 protocol 'udp'
|
||||
set firewall name containers-local rule 2 action 'accept'
|
||||
set firewall name containers-local rule 2 description 'Rule: accept_dhcp'
|
||||
set firewall name containers-local rule 2 destination port '67,68'
|
||||
set firewall name containers-local rule 2 protocol 'udp'
|
||||
set firewall name containers-local rule 2 source port '67,68'
|
||||
|
||||
# From SERVICES to SERVICES
|
||||
set firewall name services-servers default-action 'accept'
|
||||
set firewall name services-servers description 'From SERVICES to SERVERS'
|
||||
set firewall name services-servers rule 1 action 'accept'
|
||||
set firewall name services-servers rule 1 description 'Rule: accept_icmp'
|
||||
set firewall name services-servers rule 1 protocol 'icmp'
|
||||
# From CONTAINERS to SERVERS
|
||||
set firewall name containers-servers default-action 'accept'
|
||||
set firewall name containers-servers description 'From CONTAINERS to SERVERS'
|
||||
set firewall name containers-servers rule 1 action 'accept'
|
||||
set firewall name containers-servers rule 1 description 'Rule: accept_icmp'
|
||||
set firewall name containers-servers rule 1 protocol 'icmp'
|
||||
|
||||
# From SERVICES to TRUSTED
|
||||
set firewall name services-trusted default-action 'drop'
|
||||
set firewall name services-trusted description 'From SERVICES to TRUSTED'
|
||||
set firewall name services-trusted enable-default-log
|
||||
# From CONTAINERS to TRUSTED
|
||||
set firewall name containers-trusted default-action 'drop'
|
||||
set firewall name containers-trusted description 'From CONTAINERS to TRUSTED'
|
||||
set firewall name containers-trusted enable-default-log
|
||||
|
||||
# From SERVICES to VIDEO
|
||||
set firewall name services-video default-action 'drop'
|
||||
set firewall name services-video description 'From SERVICES to VIDEO'
|
||||
set firewall name services-video enable-default-log
|
||||
# From CONTAINERS to VIDEO
|
||||
set firewall name containers-video default-action 'drop'
|
||||
set firewall name containers-video description 'From CONTAINERS to VIDEO'
|
||||
set firewall name containers-video enable-default-log
|
||||
|
||||
# From SERVICES to WAN
|
||||
set firewall name services-wan default-action 'accept'
|
||||
set firewall name services-wan description 'From SERVICES to WAN'
|
||||
# From CONTAINERS to WAN
|
||||
set firewall name containers-wan default-action 'accept'
|
||||
set firewall name containers-wan description 'From CONTAINERS to WAN'
|
||||
|
||||
# From TRUSTED to GUEST
|
||||
set firewall name trusted-guest default-action 'drop'
|
||||
|
@ -596,9 +598,9 @@ set firewall name trusted-servers rule 1 action 'accept'
|
|||
set firewall name trusted-servers rule 1 description 'Rule: accept_icmp'
|
||||
set firewall name trusted-servers rule 1 protocol 'icmp'
|
||||
|
||||
# From TRUSTED to SERVICES
|
||||
# From TRUSTED to CONTAINERS
|
||||
set firewall name trusted-containers default-action 'accept'
|
||||
set firewall name trusted-containers description 'From TRUSTED to SERVICES'
|
||||
set firewall name trusted-containers description 'From TRUSTED to CONTAINERS'
|
||||
set firewall name trusted-containers rule 1 action 'accept'
|
||||
set firewall name trusted-containers rule 1 description 'Rule: accept_dns'
|
||||
set firewall name trusted-containers rule 1 destination port 'domain,domain-s'
|
||||
|
@ -648,15 +650,21 @@ set firewall name video-local rule 2 source port '67,68'
|
|||
set firewall name video-servers default-action 'drop'
|
||||
set firewall name video-servers description 'From VIDEO to SERVERS'
|
||||
set firewall name video-servers enable-default-log
|
||||
set firewall name video-servers rule 1 action 'accept'
|
||||
set firewall name video-servers rule 1 description 'Rule: accept_hass_ingress_from_allowed_devices'
|
||||
set firewall name video-servers rule 1 destination group address-group 'k8s_hass'
|
||||
set firewall name video-servers rule 1 destination port '8123'
|
||||
set firewall name video-servers rule 1 protocol 'tcp'
|
||||
set firewall name video-servers rule 1 source group address-group 'hass_clients'
|
||||
set firewall name video-servers rule 2 action 'accept'
|
||||
set firewall name video-servers rule 2 description 'Rule: accept_k8s_nodes'
|
||||
set firewall name video-servers rule 2 protocol 'udp'
|
||||
set firewall name video-servers rule 2 destination group address-group 'k8s_nodes'
|
||||
set firewall name video-servers rule 2 source port '6987-6989'
|
||||
|
||||
# From VIDEO to SERVICES
|
||||
# From VIDEO to CONTAINERS
|
||||
set firewall name video-containers default-action 'accept'
|
||||
set firewall name video-containers description 'From VIDEO to SERVICES'
|
||||
set firewall name video-containers description 'From VIDEO to CONTAINERS'
|
||||
set firewall name video-containers rule 1 action 'accept'
|
||||
set firewall name video-containers rule 1 description 'Rule: accept_dns'
|
||||
set firewall name video-containers rule 1 destination port 'domain,domain-s'
|
||||
|
@ -708,7 +716,7 @@ set firewall name wan-servers rule 10 destination address 10.1.1.12
|
|||
|
||||
# From WAN to SERVICES
|
||||
set firewall name wan-containers default-action 'drop'
|
||||
set firewall name wan-containers description 'From WAN to SERVICES'
|
||||
set firewall name wan-containers description 'From WAN to CONTAINERS'
|
||||
set firewall name wan-containers enable-default-log
|
||||
|
||||
# From WAN to TRUSTED
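Review bot: `video-servers rule 2` in the `-648,15 +650,21` hunk accepts UDP to `k8s_nodes` on the strength of `source port '6987-6989'` alone, with no destination port and no source address group. A source port is chosen by the sender, so any host in the VIDEO zone can reach every UDP port on the nodes by sending from that range, which undercuts the `default-action 'drop'` on this ruleset. If the rule is meant for traffic from specific devices, add a `destination port` line naming the listener port(s) and a `source group address-group` as rule 1 has; the +/- markers are lost on this page, so whether the rule is new in this commit is only inferred from the hunk growing by six lines. Also, in the final hunk the comment `# From WAN to SERVICES` stays as context while the description under it changes, so it should become `# From WAN to CONTAINERS`.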
|
||||
|
|