Updated 'services' to 'containers'

Joseph Hanson 2023-05-25 12:05:22 -05:00
parent 732f5d859f
commit 0d7e11047f
Signed by: jahanson
SSH key fingerprint: SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o


@ -37,9 +37,9 @@ set firewall name guest-servers default-action 'drop'
set firewall name guest-servers description 'From GUEST to SERVERS'
set firewall name guest-servers enable-default-log
# From GUEST to SERVICES
# From GUEST to CONTAINERS
set firewall name guest-containers default-action 'drop'
set firewall name guest-containers description 'From GUEST to SERVICES'
set firewall name guest-containers description 'From GUEST to CONTAINERS'
set firewall name guest-containers enable-default-log
set firewall name guest-containers rule 1 action 'accept'
set firewall name guest-containers rule 1 description 'Rule: accept_dns'
@ -171,9 +171,9 @@ set firewall name iot-servers rule 10 destination port '6002'
set firewall name iot-servers rule 10 protocol 'tcp'
set firewall name iot-servers rule 10 source group address-group 'vector_journald_allowed'
# From IOT to SERVICES
# From IOT to CONTAINERS
set firewall name iot-containers default-action 'accept'
set firewall name iot-containers description 'From IOT to SERVICES'
set firewall name iot-containers description 'From IOT to CONTAINERS'
set firewall name iot-containers rule 1 action 'accept'
set firewall name iot-containers rule 1 description 'Rule: accept_dns'
set firewall name iot-containers rule 1 destination port 'domain,domain-s'
@ -241,9 +241,9 @@ set firewall name lan-servers rule 1 action 'accept'
set firewall name lan-servers rule 1 description 'Rule: accept_icmp'
set firewall name lan-servers rule 1 protocol 'icmp'
# From LAN to SERVICES
# From LAN to CONTAINERS
set firewall name lan-containers default-action 'accept'
set firewall name lan-containers description 'From LAN to SERVICES'
set firewall name lan-containers description 'From LAN to CONTAINERS'
set firewall name lan-containers rule 1 action 'accept'
set firewall name lan-containers rule 1 description 'Rule: accept_dns'
set firewall name lan-containers rule 1 destination port 'domain,domain-s'
@ -313,9 +313,9 @@ set firewall name local-servers rule 4 destination group address-group 'k8s_vect
set firewall name local-servers rule 4 destination port '6001'
set firewall name local-servers rule 4 protocol 'tcp'
# From LOCAL to SERVICES
# From LOCAL to CONTAINERS
set firewall name local-containers default-action 'accept'
set firewall name local-containers description 'From LOCAL to SERVICES'
set firewall name local-containers description 'From LOCAL to CONTAINERS'
set firewall name local-containers rule 1 action 'accept'
set firewall name local-containers rule 1 description 'Rule: accept_dns'
set firewall name local-containers rule 1 destination port 'domain,domain-s'
@ -385,6 +385,7 @@ set firewall name servers-iot rule 5 source group address-group 'k8s_nodes'
# From SERVERS to LAN
set firewall name servers-lan default-action 'drop'
set firewall name servers-lan description 'From SERVERS to LAN'
set firewall name servers-lan enable-default-log
set firewall name servers-lan rule 1 action 'accept'
set firewall name servers-lan rule 1 description 'Rule: accept_icmp'
set firewall name servers-lan rule 1 protocol 'icmp'
@ -430,9 +431,9 @@ set firewall name servers-local rule 8 destination port '3784'
set firewall name servers-local rule 8 protocol 'udp'
set firewall name servers-local rule 8 source group address-group 'k8s_nodes'
# From SERVERS to SERVICES
# From SERVERS to CONTAINERS
set firewall name servers-containers default-action 'accept'
set firewall name servers-containers description 'From SERVERS to SERVICES'
set firewall name servers-containers description 'From SERVERS to CONTAINERS'
set firewall name servers-containers enable-default-log
set firewall name servers-containers rule 1 action 'accept'
set firewall name servers-containers rule 1 description 'Rule: accept_dns'
@ -446,6 +447,7 @@ set firewall name servers-containers rule 2 protocol 'tcp'
# From SERVERS to TRUSTED
set firewall name servers-trusted default-action 'drop'
set firewall name servers-trusted description 'From SERVERS to TRUSTED'
set firewall name servers-trusted enable-default-log
set firewall name servers-trusted rule 1 action 'accept'
set firewall name servers-trusted rule 1 description 'Rule: accept_icmp'
set firewall name servers-trusted rule 1 protocol 'icmp'
@ -466,55 +468,55 @@ set firewall name servers-video rule 2 source group address-group 'k8s_nodes'
set firewall name servers-wan default-action 'accept'
set firewall name servers-wan description 'From SERVERS to WAN'
# From SERVICES to GUEST
set firewall name services-guest default-action 'drop'
set firewall name services-guest description 'From SERVICES to GUEST'
set firewall name services-guest enable-default-log
# From CONTAINERS to GUEST
set firewall name containers-guest default-action 'drop'
set firewall name containers-guest description 'From CONTAINERS to GUEST'
set firewall name containers-guest enable-default-log
# From SERVICES to IOT
set firewall name services-iot default-action 'drop'
set firewall name services-iot description 'From SERVICES to IOT'
set firewall name services-iot enable-default-log
# From CONTAINERS to IOT
set firewall name containers-iot default-action 'drop'
set firewall name containers-iot description 'From CONTAINERS to IOT'
set firewall name containers-iot enable-default-log
# From SERVICES to LAN
set firewall name services-lan default-action 'drop'
set firewall name services-lan description 'From SERVICES to LAN'
set firewall name services-lan enable-default-log
# From CONTAINERS to LAN
set firewall name containers-lan default-action 'drop'
set firewall name containers-lan description 'From CONTAINERS to LAN'
set firewall name containers-lan enable-default-log
# From SERVICES to LOCAL
set firewall name services-local default-action 'drop'
set firewall name services-local description 'From SERVICES to LOCAL'
set firewall name services-local enable-default-log
set firewall name services-local rule 1 action 'accept'
set firewall name services-local rule 1 description 'Rule: accept_ntp'
set firewall name services-local rule 1 destination port 'ntp'
set firewall name services-local rule 1 protocol 'udp'
set firewall name services-local rule 2 action 'accept'
set firewall name services-local rule 2 description 'Rule: accept_dhcp'
set firewall name services-local rule 2 destination port '67,68'
set firewall name services-local rule 2 protocol 'udp'
set firewall name services-local rule 2 source port '67,68'
# From CONTAINERS to LOCAL
set firewall name containers-local default-action 'drop'
set firewall name containers-local description 'From CONTAINERS to LOCAL'
set firewall name containers-local enable-default-log
set firewall name containers-local rule 1 action 'accept'
set firewall name containers-local rule 1 description 'Rule: accept_ntp'
set firewall name containers-local rule 1 destination port 'ntp'
set firewall name containers-local rule 1 protocol 'udp'
set firewall name containers-local rule 2 action 'accept'
set firewall name containers-local rule 2 description 'Rule: accept_dhcp'
set firewall name containers-local rule 2 destination port '67,68'
set firewall name containers-local rule 2 protocol 'udp'
set firewall name containers-local rule 2 source port '67,68'
# From SERVICES to SERVICES
set firewall name services-servers default-action 'accept'
set firewall name services-servers description 'From SERVICES to SERVERS'
set firewall name services-servers rule 1 action 'accept'
set firewall name services-servers rule 1 description 'Rule: accept_icmp'
set firewall name services-servers rule 1 protocol 'icmp'
# From CONTAINERS to SERVERS
set firewall name containers-servers default-action 'accept'
set firewall name containers-servers description 'From CONTAINERS to SERVERS'
set firewall name containers-servers rule 1 action 'accept'
set firewall name containers-servers rule 1 description 'Rule: accept_icmp'
set firewall name containers-servers rule 1 protocol 'icmp'
# From SERVICES to TRUSTED
set firewall name services-trusted default-action 'drop'
set firewall name services-trusted description 'From SERVICES to TRUSTED'
set firewall name services-trusted enable-default-log
# From CONTAINERS to TRUSTED
set firewall name containers-trusted default-action 'drop'
set firewall name containers-trusted description 'From CONTAINERS to TRUSTED'
set firewall name containers-trusted enable-default-log
# From SERVICES to VIDEO
set firewall name services-video default-action 'drop'
set firewall name services-video description 'From SERVICES to VIDEO'
set firewall name services-video enable-default-log
# From CONTAINERS to VIDEO
set firewall name containers-video default-action 'drop'
set firewall name containers-video description 'From CONTAINERS to VIDEO'
set firewall name containers-video enable-default-log
# From SERVICES to WAN
set firewall name services-wan default-action 'accept'
set firewall name services-wan description 'From SERVICES to WAN'
# From CONTAINERS to WAN
set firewall name containers-wan default-action 'accept'
set firewall name containers-wan description 'From CONTAINERS to WAN'
# From TRUSTED to GUEST
set firewall name trusted-guest default-action 'drop'
@ -596,9 +598,9 @@ set firewall name trusted-servers rule 1 action 'accept'
set firewall name trusted-servers rule 1 description 'Rule: accept_icmp'
set firewall name trusted-servers rule 1 protocol 'icmp'
# From TRUSTED to SERVICES
# From TRUSTED to CONTAINERS
set firewall name trusted-containers default-action 'accept'
set firewall name trusted-containers description 'From TRUSTED to SERVICES'
set firewall name trusted-containers description 'From TRUSTED to CONTAINERS'
set firewall name trusted-containers rule 1 action 'accept'
set firewall name trusted-containers rule 1 description 'Rule: accept_dns'
set firewall name trusted-containers rule 1 destination port 'domain,domain-s'
@ -648,15 +650,21 @@ set firewall name video-local rule 2 source port '67,68'
set firewall name video-servers default-action 'drop'
set firewall name video-servers description 'From VIDEO to SERVERS'
set firewall name video-servers enable-default-log
set firewall name video-servers rule 1 action 'accept'
set firewall name video-servers rule 1 description 'Rule: accept_hass_ingress_from_allowed_devices'
set firewall name video-servers rule 1 destination group address-group 'k8s_hass'
set firewall name video-servers rule 1 destination port '8123'
set firewall name video-servers rule 1 protocol 'tcp'
set firewall name video-servers rule 1 source group address-group 'hass_clients'
set firewall name video-servers rule 2 action 'accept'
set firewall name video-servers rule 2 description 'Rule: accept_k8s_nodes'
set firewall name video-servers rule 2 protocol 'udp'
set firewall name video-servers rule 2 destination group address-group 'k8s_nodes'
set firewall name video-servers rule 2 source port '6987-6989'
# From VIDEO to SERVICES
# From VIDEO to CONTAINERS
set firewall name video-containers default-action 'accept'
set firewall name video-containers description 'From VIDEO to SERVICES'
set firewall name video-containers description 'From VIDEO to CONTAINERS'
set firewall name video-containers rule 1 action 'accept'
set firewall name video-containers rule 1 description 'Rule: accept_dns'
set firewall name video-containers rule 1 destination port 'domain,domain-s'
@ -708,7 +716,7 @@ set firewall name wan-servers rule 10 destination address 10.1.1.12
# From WAN to SERVICES
set firewall name wan-containers default-action 'drop'
set firewall name wan-containers description 'From WAN to SERVICES'
set firewall name wan-containers description 'From WAN to CONTAINERS'
set firewall name wan-containers enable-default-log
# From WAN to TRUSTED
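Review bot: The comment above the `wan-containers` ruleset in the last hunk still reads `# From WAN to SERVICES` although the description beneath it now says CONTAINERS; it should become `# From WAN to CONTAINERS` to match every other renamed section. The commit also does more than the rename its title names: going by the hunk line counts (the add/remove markers are lost on this page, so this is inferred), `enable-default-log` is added to `servers-lan` and `servers-trusted`, and six lines are added under `video-servers`, most likely the `accept_hass_ingress_from_allowed_devices` rule that admits tcp/8123 from `hass_clients` to `k8s_hass`. A new accept rule into SERVERS is a policy change that deserves its own commit and message so it can be audited and reverted independently of a cosmetic rename. Separately, `video-servers rule 2` matches UDP to `k8s_nodes` only on `source port '6987-6989'`, which the sender chooses, so it would be worth confirming whether a destination port constraint was intended there.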