|
|
@ -2,7 +2,7 @@
|
|
|
|
# From IOT to LAN
|
|
|
|
# From IOT to LAN
|
|
|
|
set firewall ipv4 name iot-lan default-action 'drop'
|
|
|
|
set firewall ipv4 name iot-lan default-action 'drop'
|
|
|
|
set firewall ipv4 name iot-lan description 'From IOT to LAN'
|
|
|
|
set firewall ipv4 name iot-lan description 'From IOT to LAN'
|
|
|
|
set firewall ipv4 name iot-lan default-log
|
|
|
|
set firewall ipv4 name iot-lan enable-default-log
|
|
|
|
set firewall ipv4 name iot-lan rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name iot-lan rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name iot-lan rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name iot-lan rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name iot-lan rule 999 state invalid
|
|
|
|
set firewall ipv4 name iot-lan rule 999 state invalid
|
|
|
@ -11,7 +11,7 @@ set firewall ipv4 name iot-lan rule 999 log
|
|
|
|
# From IOT to LOCAL
|
|
|
|
# From IOT to LOCAL
|
|
|
|
set firewall ipv4 name iot-local default-action 'drop'
|
|
|
|
set firewall ipv4 name iot-local default-action 'drop'
|
|
|
|
set firewall ipv4 name iot-local description 'From IOT to LOCAL'
|
|
|
|
set firewall ipv4 name iot-local description 'From IOT to LOCAL'
|
|
|
|
set firewall ipv4 name iot-local default-log
|
|
|
|
set firewall ipv4 name iot-local enable-default-log
|
|
|
|
set firewall ipv4 name iot-local rule 50 action 'accept'
|
|
|
|
set firewall ipv4 name iot-local rule 50 action 'accept'
|
|
|
|
set firewall ipv4 name iot-local rule 50 description 'Rule: accept_dhcp'
|
|
|
|
set firewall ipv4 name iot-local rule 50 description 'Rule: accept_dhcp'
|
|
|
|
set firewall ipv4 name iot-local rule 50 destination port '67,68'
|
|
|
|
set firewall ipv4 name iot-local rule 50 destination port '67,68'
|
|
|
@ -46,13 +46,37 @@ set firewall ipv4 name iot-local rule 999 log
|
|
|
|
# From IOT to SERVERS
|
|
|
|
# From IOT to SERVERS
|
|
|
|
set firewall ipv4 name iot-servers default-action 'drop'
|
|
|
|
set firewall ipv4 name iot-servers default-action 'drop'
|
|
|
|
set firewall ipv4 name iot-servers description 'From IOT to SERVERS'
|
|
|
|
set firewall ipv4 name iot-servers description 'From IOT to SERVERS'
|
|
|
|
set firewall ipv4 name iot-servers default-log
|
|
|
|
set firewall ipv4 name iot-servers enable-default-log
|
|
|
|
|
|
|
|
set firewall ipv4 name iot-servers rule 100 action 'accept'
|
|
|
|
|
|
|
|
set firewall ipv4 name iot-servers rule 100 description 'Rule: accept_nas_smb_from_scanners'
|
|
|
|
|
|
|
|
set firewall ipv4 name iot-servers rule 100 destination group address-group 'nas'
|
|
|
|
|
|
|
|
set firewall ipv4 name iot-servers rule 100 destination port 'microsoft-ds'
|
|
|
|
|
|
|
|
set firewall ipv4 name iot-servers rule 100 protocol 'tcp'
|
|
|
|
|
|
|
|
set firewall ipv4 name iot-servers rule 100 source group address-group 'scanners'
|
|
|
|
|
|
|
|
set firewall ipv4 name iot-servers rule 200 action 'accept'
|
|
|
|
|
|
|
|
set firewall ipv4 name iot-servers rule 200 description 'Rule: accept_plex_from_plex_clients'
|
|
|
|
|
|
|
|
set firewall ipv4 name iot-servers rule 200 destination group address-group 'k8s_plex'
|
|
|
|
|
|
|
|
set firewall ipv4 name iot-servers rule 200 destination port '32400'
|
|
|
|
|
|
|
|
set firewall ipv4 name iot-servers rule 200 protocol 'tcp'
|
|
|
|
|
|
|
|
set firewall ipv4 name iot-servers rule 200 source group address-group 'plex_clients'
|
|
|
|
|
|
|
|
set firewall ipv4 name iot-servers rule 300 action 'accept'
|
|
|
|
|
|
|
|
set firewall ipv4 name iot-servers rule 300 description 'Rule: accept_mqtt_from_mqtt_clients'
|
|
|
|
|
|
|
|
set firewall ipv4 name iot-servers rule 300 destination group address-group 'k8s_mqtt'
|
|
|
|
|
|
|
|
set firewall ipv4 name iot-servers rule 300 destination port '1883'
|
|
|
|
|
|
|
|
set firewall ipv4 name iot-servers rule 300 protocol 'tcp'
|
|
|
|
|
|
|
|
set firewall ipv4 name iot-servers rule 300 source group address-group 'mqtt_clients'
|
|
|
|
set firewall ipv4 name iot-servers rule 400 action 'accept'
|
|
|
|
set firewall ipv4 name iot-servers rule 400 action 'accept'
|
|
|
|
set firewall ipv4 name iot-servers rule 400 description 'Rule: accept_k8s_ingress_from_sonos_players'
|
|
|
|
set firewall ipv4 name iot-servers rule 400 description 'Rule: accept_k8s_ingress_from_sonos_players'
|
|
|
|
set firewall ipv4 name iot-servers rule 400 destination group address-group 'k8s_ingress'
|
|
|
|
set firewall ipv4 name iot-servers rule 400 destination group address-group 'k8s_ingress'
|
|
|
|
set firewall ipv4 name iot-servers rule 400 destination port 'http,https'
|
|
|
|
set firewall ipv4 name iot-servers rule 400 destination port 'http,https'
|
|
|
|
set firewall ipv4 name iot-servers rule 400 protocol 'tcp'
|
|
|
|
set firewall ipv4 name iot-servers rule 400 protocol 'tcp'
|
|
|
|
set firewall ipv4 name iot-servers rule 400 source group address-group 'sonos_players'
|
|
|
|
set firewall ipv4 name iot-servers rule 400 source group address-group 'sonos_players'
|
|
|
|
|
|
|
|
set firewall ipv4 name iot-servers rule 410 action 'accept'
|
|
|
|
|
|
|
|
set firewall ipv4 name iot-servers rule 410 description 'Rule: accept_k8s_ingress_from_allowed_devices'
|
|
|
|
|
|
|
|
set firewall ipv4 name iot-servers rule 410 destination group address-group 'k8s_ingress'
|
|
|
|
|
|
|
|
set firewall ipv4 name iot-servers rule 410 destination port 'http,https'
|
|
|
|
|
|
|
|
set firewall ipv4 name iot-servers rule 410 protocol 'tcp'
|
|
|
|
|
|
|
|
set firewall ipv4 name iot-servers rule 410 source group address-group 'k8s_ingress_allowed'
|
|
|
|
set firewall ipv4 name iot-servers rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name iot-servers rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name iot-servers rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name iot-servers rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name iot-servers rule 999 state invalid
|
|
|
|
set firewall ipv4 name iot-servers rule 999 state invalid
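Review bot: The added accept rules 100, 200, 300 and 410 authorise traffic purely by source address-group (`scanners`, `plex_clients`, `mqtt_clients`, `k8s_ingress_allowed`), and those groups are defined outside this hunk. Inside the IOT zone a source address is only as trustworthy as the addressing behind it, so if membership depends on DHCP leases, any IoT host that obtains a listed address reaches SMB on `nas` or the other services. Pinning the members with static mappings, and saying so in a comment above rule 100, would make that dependency visible. Rule 300 opens `1883`, the plaintext MQTT port; if the broker offers a TLS listener, using it would keep client credentials out of clear text across the zone boundary. None of the added rules sets `log`, so accepted cross-zone sessions leave no firewall record; `set firewall ipv4 name iot-servers rule 100 log` (and likewise for 200, 300, 410) would add one.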
|
|
|
@ -73,7 +97,19 @@ set firewall ipv4 name iot-containers rule 999 log
|
|
|
|
# From IOT to TRUSTED
|
|
|
|
# From IOT to TRUSTED
|
|
|
|
set firewall ipv4 name iot-trusted default-action 'drop'
|
|
|
|
set firewall ipv4 name iot-trusted default-action 'drop'
|
|
|
|
set firewall ipv4 name iot-trusted description 'From IOT to TRUSTED'
|
|
|
|
set firewall ipv4 name iot-trusted description 'From IOT to TRUSTED'
|
|
|
|
set firewall ipv4 name iot-trusted default-log
|
|
|
|
set firewall ipv4 name iot-trusted enable-default-log
|
|
|
|
|
|
|
|
set firewall ipv4 name iot-trusted rule 100 action 'accept'
|
|
|
|
|
|
|
|
set firewall ipv4 name iot-trusted rule 100 description 'Rule: accept_udp_from_sonos_players_to_sonos_controllers'
|
|
|
|
|
|
|
|
set firewall ipv4 name iot-trusted rule 100 destination group address-group 'sonos_controllers'
|
|
|
|
|
|
|
|
set firewall ipv4 name iot-trusted rule 100 destination port '319,320,30000-65535'
|
|
|
|
|
|
|
|
set firewall ipv4 name iot-trusted rule 100 protocol 'udp'
|
|
|
|
|
|
|
|
set firewall ipv4 name iot-trusted rule 100 source group address-group 'sonos_players'
|
|
|
|
|
|
|
|
set firewall ipv4 name iot-trusted rule 110 action 'accept'
|
|
|
|
|
|
|
|
set firewall ipv4 name iot-trusted rule 110 description 'Rule: accept_tcp_from_sonos_players_to_sonos_controllers'
|
|
|
|
|
|
|
|
set firewall ipv4 name iot-trusted rule 110 destination group address-group 'sonos_controllers'
|
|
|
|
|
|
|
|
set firewall ipv4 name iot-trusted rule 110 destination port '1400,3400,3401,3500,30000-65535'
|
|
|
|
|
|
|
|
set firewall ipv4 name iot-trusted rule 110 protocol 'tcp'
|
|
|
|
|
|
|
|
set firewall ipv4 name iot-trusted rule 110 source group address-group 'sonos_players'
|
|
|
|
set firewall ipv4 name iot-trusted rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name iot-trusted rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name iot-trusted rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name iot-trusted rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name iot-trusted rule 999 state invalid
|
|
|
|
set firewall ipv4 name iot-trusted rule 999 state invalid
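Review bot: Rules 100 and 110 accept `30000-65535` on both UDP and TCP from `sonos_players` to `sonos_controllers`, which exposes nearly every high port on the TRUSTED hosts to the IOT zone rather than a specific service. If that range is only there for replies to sessions the controllers open, an established/related rule would already cover it (none is visible in this hunk, so it may exist elsewhere), and the range could be dropped, leaving `319,320` and `1400,3400,3401,3500`. If the players really do initiate connections to dynamic ports, a comment above rule 100 saying so would justify the width. The chain continues past the end of the hunk.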
|
|
|
@ -82,7 +118,7 @@ set firewall ipv4 name iot-trusted rule 999 log
|
|
|
|
# From IOT to VIDEO
|
|
|
|
# From IOT to VIDEO
|
|
|
|
set firewall ipv4 name iot-video default-action 'drop'
|
|
|
|
set firewall ipv4 name iot-video default-action 'drop'
|
|
|
|
set firewall ipv4 name iot-video description 'From IOT to VIDEO'
|
|
|
|
set firewall ipv4 name iot-video description 'From IOT to VIDEO'
|
|
|
|
set firewall ipv4 name iot-video default-log
|
|
|
|
set firewall ipv4 name iot-video enable-default-log
|
|
|
|
set firewall ipv4 name iot-video rule 100 action 'accept'
|
|
|
|
set firewall ipv4 name iot-video rule 100 action 'accept'
|
|
|
|
set firewall ipv4 name iot-video rule 100 description 'Rule: accept_k8s_nodes'
|
|
|
|
set firewall ipv4 name iot-video rule 100 description 'Rule: accept_k8s_nodes'
|
|
|
|
set firewall ipv4 name iot-video rule 100 protocol 'tcp'
|
|
|
|
set firewall ipv4 name iot-video rule 100 protocol 'tcp'
|
|
|
@ -99,7 +135,7 @@ set firewall ipv4 name iot-wan description 'From IOT to WAN'
|
|
|
|
# From LAN to IoT
|
|
|
|
# From LAN to IoT
|
|
|
|
set firewall ipv4 name lan-iot default-action 'drop'
|
|
|
|
set firewall ipv4 name lan-iot default-action 'drop'
|
|
|
|
set firewall ipv4 name lan-iot description 'From LAN to IOT'
|
|
|
|
set firewall ipv4 name lan-iot description 'From LAN to IOT'
|
|
|
|
set firewall ipv4 name lan-iot default-log
|
|
|
|
set firewall ipv4 name lan-iot enable-default-log
|
|
|
|
set firewall ipv4 name lan-iot rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name lan-iot rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name lan-iot rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name lan-iot rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name lan-iot rule 999 state invalid
|
|
|
|
set firewall ipv4 name lan-iot rule 999 state invalid
|
|
|
@ -108,7 +144,7 @@ set firewall ipv4 name lan-iot rule 999 log
|
|
|
|
# From LAN to LOCAL
|
|
|
|
# From LAN to LOCAL
|
|
|
|
set firewall ipv4 name lan-local default-action 'drop'
|
|
|
|
set firewall ipv4 name lan-local default-action 'drop'
|
|
|
|
set firewall ipv4 name lan-local description 'From LAN to LOCAL'
|
|
|
|
set firewall ipv4 name lan-local description 'From LAN to LOCAL'
|
|
|
|
set firewall ipv4 name lan-local default-log
|
|
|
|
set firewall ipv4 name lan-local enable-default-log
|
|
|
|
set firewall ipv4 name lan-local rule 40 action 'accept'
|
|
|
|
set firewall ipv4 name lan-local rule 40 action 'accept'
|
|
|
|
set firewall ipv4 name lan-local rule 40 description 'Rule: accept_dns'
|
|
|
|
set firewall ipv4 name lan-local rule 40 description 'Rule: accept_dns'
|
|
|
|
set firewall ipv4 name lan-local rule 40 destination port 'domain,domain-s'
|
|
|
|
set firewall ipv4 name lan-local rule 40 destination port 'domain,domain-s'
|
|
|
@ -138,7 +174,7 @@ set firewall ipv4 name lan-local rule 999 log
|
|
|
|
# From LAN to SERVERS
|
|
|
|
# From LAN to SERVERS
|
|
|
|
set firewall ipv4 name lan-servers default-action 'drop'
|
|
|
|
set firewall ipv4 name lan-servers default-action 'drop'
|
|
|
|
set firewall ipv4 name lan-servers description 'From LAN to SERVERS'
|
|
|
|
set firewall ipv4 name lan-servers description 'From LAN to SERVERS'
|
|
|
|
set firewall ipv4 name lan-servers default-log
|
|
|
|
set firewall ipv4 name lan-servers enable-default-log
|
|
|
|
set firewall ipv4 name lan-servers rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name lan-servers rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name lan-servers rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name lan-servers rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name lan-servers rule 999 state invalid
|
|
|
|
set firewall ipv4 name lan-servers rule 999 state invalid
|
|
|
@ -159,7 +195,7 @@ set firewall ipv4 name lan-containers rule 999 log
|
|
|
|
# From LAN to TRUSTED
|
|
|
|
# From LAN to TRUSTED
|
|
|
|
set firewall ipv4 name lan-trusted default-action 'drop'
|
|
|
|
set firewall ipv4 name lan-trusted default-action 'drop'
|
|
|
|
set firewall ipv4 name lan-trusted description 'From LAN to TRUSTED'
|
|
|
|
set firewall ipv4 name lan-trusted description 'From LAN to TRUSTED'
|
|
|
|
set firewall ipv4 name lan-trusted default-log
|
|
|
|
set firewall ipv4 name lan-trusted enable-default-log
|
|
|
|
set firewall ipv4 name lan-trusted rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name lan-trusted rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name lan-trusted rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name lan-trusted rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name lan-trusted rule 999 state invalid
|
|
|
|
set firewall ipv4 name lan-trusted rule 999 state invalid
|
|
|
@ -168,7 +204,7 @@ set firewall ipv4 name lan-trusted rule 999 log
|
|
|
|
# From LAN to VIDEO
|
|
|
|
# From LAN to VIDEO
|
|
|
|
set firewall ipv4 name lan-video default-action 'drop'
|
|
|
|
set firewall ipv4 name lan-video default-action 'drop'
|
|
|
|
set firewall ipv4 name lan-video description 'From LAN to VIDEO'
|
|
|
|
set firewall ipv4 name lan-video description 'From LAN to VIDEO'
|
|
|
|
set firewall ipv4 name lan-video default-log
|
|
|
|
set firewall ipv4 name lan-video enable-default-log
|
|
|
|
set firewall ipv4 name lan-video rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name lan-video rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name lan-video rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name lan-video rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name lan-video rule 999 state invalid
|
|
|
|
set firewall ipv4 name lan-video rule 999 state invalid
|
|
|
@ -181,7 +217,7 @@ set firewall ipv4 name lan-wan description 'From LAN to WAN'
|
|
|
|
# From LOCAL to IOT
|
|
|
|
# From LOCAL to IOT
|
|
|
|
set firewall ipv4 name local-iot default-action 'drop'
|
|
|
|
set firewall ipv4 name local-iot default-action 'drop'
|
|
|
|
set firewall ipv4 name local-iot description 'From LOCAL to IOT'
|
|
|
|
set firewall ipv4 name local-iot description 'From LOCAL to IOT'
|
|
|
|
set firewall ipv4 name local-iot default-log
|
|
|
|
set firewall ipv4 name local-iot enable-default-log
|
|
|
|
set firewall ipv4 name local-iot rule 100 action 'accept'
|
|
|
|
set firewall ipv4 name local-iot rule 100 action 'accept'
|
|
|
|
set firewall ipv4 name local-iot rule 100 description 'Rule: accept_igmp'
|
|
|
|
set firewall ipv4 name local-iot rule 100 description 'Rule: accept_igmp'
|
|
|
|
set firewall ipv4 name local-iot rule 100 protocol '2'
|
|
|
|
set firewall ipv4 name local-iot rule 100 protocol '2'
|
|
|
@ -190,6 +226,11 @@ set firewall ipv4 name local-iot rule 110 description 'Rule: accept_mdns'
|
|
|
|
set firewall ipv4 name local-iot rule 110 destination port 'mdns'
|
|
|
|
set firewall ipv4 name local-iot rule 110 destination port 'mdns'
|
|
|
|
set firewall ipv4 name local-iot rule 110 protocol 'udp'
|
|
|
|
set firewall ipv4 name local-iot rule 110 protocol 'udp'
|
|
|
|
set firewall ipv4 name local-iot rule 110 source port 'mdns'
|
|
|
|
set firewall ipv4 name local-iot rule 110 source port 'mdns'
|
|
|
|
|
|
|
|
set firewall ipv4 name local-iot rule 200 action 'accept'
|
|
|
|
|
|
|
|
set firewall ipv4 name local-iot rule 200 description 'Rule: accept_discovery_from_sonos_controllers'
|
|
|
|
|
|
|
|
set firewall ipv4 name local-iot rule 200 destination group port-group sonos-discovery
|
|
|
|
|
|
|
|
set firewall ipv4 name local-iot rule 200 protocol 'udp'
|
|
|
|
|
|
|
|
set firewall ipv4 name local-iot rule 200 source group address-group 'sonos_controllers'
|
|
|
|
set firewall ipv4 name local-iot rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name local-iot rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name local-iot rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name local-iot rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name local-iot rule 999 state invalid
|
|
|
|
set firewall ipv4 name local-iot rule 999 state invalid
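Review bot: Rule 200 sits in the LOCAL to IOT chain yet matches source group `sonos_controllers`, so it can only fire for packets the router itself emits with a controller's address. That is presumably a discovery relay that preserves the original source, but nothing in the hunk says so. A comment such as `# relayed controller discovery keeps the controller's source IP` above the rule would explain it. As a style point, `sonos-discovery` is the only unquoted value and the only hyphenated group name among the added lines; `destination group port-group 'sonos-discovery'` would match the quoting used elsewhere. The port-group itself is defined outside this hunk, so its ports cannot be checked here.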
|
|
|
@ -198,7 +239,7 @@ set firewall ipv4 name local-iot rule 999 log
|
|
|
|
# From LOCAL to LAN
|
|
|
|
# From LOCAL to LAN
|
|
|
|
set firewall ipv4 name local-lan default-action 'drop'
|
|
|
|
set firewall ipv4 name local-lan default-action 'drop'
|
|
|
|
set firewall ipv4 name local-lan description 'From LOCAL to LAN'
|
|
|
|
set firewall ipv4 name local-lan description 'From LOCAL to LAN'
|
|
|
|
set firewall ipv4 name local-lan default-log
|
|
|
|
set firewall ipv4 name local-lan enable-default-log
|
|
|
|
set firewall ipv4 name local-lan rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name local-lan rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name local-lan rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name local-lan rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name local-lan rule 999 state invalid
|
|
|
|
set firewall ipv4 name local-lan rule 999 state invalid
|
|
|
@ -207,7 +248,7 @@ set firewall ipv4 name local-lan rule 999 log
|
|
|
|
# From LOCAL to SERVERS
|
|
|
|
# From LOCAL to SERVERS
|
|
|
|
set firewall ipv4 name local-servers default-action 'drop'
|
|
|
|
set firewall ipv4 name local-servers default-action 'drop'
|
|
|
|
set firewall ipv4 name local-servers description 'From LOCAL to SERVERS'
|
|
|
|
set firewall ipv4 name local-servers description 'From LOCAL to SERVERS'
|
|
|
|
set firewall ipv4 name local-servers default-log
|
|
|
|
set firewall ipv4 name local-servers enable-default-log
|
|
|
|
set firewall ipv4 name local-servers rule 40 action 'accept'
|
|
|
|
set firewall ipv4 name local-servers rule 40 action 'accept'
|
|
|
|
set firewall ipv4 name local-servers rule 40 description 'Rule: accept_dns'
|
|
|
|
set firewall ipv4 name local-servers rule 40 description 'Rule: accept_dns'
|
|
|
|
set firewall ipv4 name local-servers rule 40 destination port 'domain,domain-s'
|
|
|
|
set firewall ipv4 name local-servers rule 40 destination port 'domain,domain-s'
|
|
|
@ -245,7 +286,7 @@ set firewall ipv4 name local-containers rule 999 log
|
|
|
|
# From LOCAL to TRUSTED
|
|
|
|
# From LOCAL to TRUSTED
|
|
|
|
set firewall ipv4 name local-trusted default-action 'drop'
|
|
|
|
set firewall ipv4 name local-trusted default-action 'drop'
|
|
|
|
set firewall ipv4 name local-trusted description 'From LOCAL to TRUSTED'
|
|
|
|
set firewall ipv4 name local-trusted description 'From LOCAL to TRUSTED'
|
|
|
|
set firewall ipv4 name local-trusted default-log
|
|
|
|
set firewall ipv4 name local-trusted enable-default-log
|
|
|
|
set firewall ipv4 name local-trusted rule 100 action 'accept'
|
|
|
|
set firewall ipv4 name local-trusted rule 100 action 'accept'
|
|
|
|
set firewall ipv4 name local-trusted rule 100 description 'Rule: accept_igmp'
|
|
|
|
set firewall ipv4 name local-trusted rule 100 description 'Rule: accept_igmp'
|
|
|
|
set firewall ipv4 name local-trusted rule 100 protocol '2'
|
|
|
|
set firewall ipv4 name local-trusted rule 100 protocol '2'
|
|
|
@ -271,7 +312,7 @@ set firewall ipv4 name local-trusted rule 999 log
|
|
|
|
# From LOCAL to VIDEO
|
|
|
|
# From LOCAL to VIDEO
|
|
|
|
set firewall ipv4 name local-video default-action 'drop'
|
|
|
|
set firewall ipv4 name local-video default-action 'drop'
|
|
|
|
set firewall ipv4 name local-video description 'From LOCAL to VIDEO'
|
|
|
|
set firewall ipv4 name local-video description 'From LOCAL to VIDEO'
|
|
|
|
set firewall ipv4 name local-video default-log
|
|
|
|
set firewall ipv4 name local-video enable-default-log
|
|
|
|
set firewall ipv4 name local-video rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name local-video rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name local-video rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name local-video rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name local-video rule 999 state invalid
|
|
|
|
set firewall ipv4 name local-video rule 999 state invalid
|
|
|
@ -285,7 +326,7 @@ set firewall ipv4 name local-wan description 'From LOCAL to WAN'
|
|
|
|
# From SERVERS to IOT
|
|
|
|
# From SERVERS to IOT
|
|
|
|
set firewall ipv4 name servers-iot default-action 'drop'
|
|
|
|
set firewall ipv4 name servers-iot default-action 'drop'
|
|
|
|
set firewall ipv4 name servers-iot description 'From SERVERS to IOT'
|
|
|
|
set firewall ipv4 name servers-iot description 'From SERVERS to IOT'
|
|
|
|
set firewall ipv4 name servers-iot default-log
|
|
|
|
set firewall ipv4 name servers-iot enable-default-log
|
|
|
|
set firewall ipv4 name servers-iot rule 100 action 'accept'
|
|
|
|
set firewall ipv4 name servers-iot rule 100 action 'accept'
|
|
|
|
set firewall ipv4 name servers-iot rule 100 description 'Rule: accept_k8s_nodes'
|
|
|
|
set firewall ipv4 name servers-iot rule 100 description 'Rule: accept_k8s_nodes'
|
|
|
|
set firewall ipv4 name servers-iot rule 100 protocol 'tcp'
|
|
|
|
set firewall ipv4 name servers-iot rule 100 protocol 'tcp'
|
|
|
@ -302,7 +343,7 @@ set firewall ipv4 name servers-iot rule 999 log
|
|
|
|
# From SERVERS to LAN
|
|
|
|
# From SERVERS to LAN
|
|
|
|
set firewall ipv4 name servers-lan default-action 'drop'
|
|
|
|
set firewall ipv4 name servers-lan default-action 'drop'
|
|
|
|
set firewall ipv4 name servers-lan description 'From SERVERS to LAN'
|
|
|
|
set firewall ipv4 name servers-lan description 'From SERVERS to LAN'
|
|
|
|
set firewall ipv4 name servers-lan default-log
|
|
|
|
set firewall ipv4 name servers-lan enable-default-log
|
|
|
|
set firewall ipv4 name servers-lan rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name servers-lan rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name servers-lan rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name servers-lan rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name servers-lan rule 999 state invalid
|
|
|
|
set firewall ipv4 name servers-lan rule 999 state invalid
|
|
|
@ -311,7 +352,7 @@ set firewall ipv4 name servers-lan rule 999 log
|
|
|
|
# From SERVERS to LOCAL
|
|
|
|
# From SERVERS to LOCAL
|
|
|
|
set firewall ipv4 name servers-local default-action 'drop'
|
|
|
|
set firewall ipv4 name servers-local default-action 'drop'
|
|
|
|
set firewall ipv4 name servers-local description 'From SERVERS to LOCAL'
|
|
|
|
set firewall ipv4 name servers-local description 'From SERVERS to LOCAL'
|
|
|
|
set firewall ipv4 name servers-local default-log
|
|
|
|
set firewall ipv4 name servers-local enable-default-log
|
|
|
|
set firewall ipv4 name servers-local rule 50 action 'accept'
|
|
|
|
set firewall ipv4 name servers-local rule 50 action 'accept'
|
|
|
|
set firewall ipv4 name servers-local rule 50 description 'Rule: accept_dhcp'
|
|
|
|
set firewall ipv4 name servers-local rule 50 description 'Rule: accept_dhcp'
|
|
|
|
set firewall ipv4 name servers-local rule 50 destination port '67,68'
|
|
|
|
set firewall ipv4 name servers-local rule 50 destination port '67,68'
|
|
|
@ -351,7 +392,7 @@ set firewall ipv4 name servers-local rule 999 log
|
|
|
|
# From SERVERS to CONTAINERS
|
|
|
|
# From SERVERS to CONTAINERS
|
|
|
|
set firewall ipv4 name servers-containers default-action 'accept'
|
|
|
|
set firewall ipv4 name servers-containers default-action 'accept'
|
|
|
|
set firewall ipv4 name servers-containers description 'From SERVERS to CONTAINERS'
|
|
|
|
set firewall ipv4 name servers-containers description 'From SERVERS to CONTAINERS'
|
|
|
|
set firewall ipv4 name servers-containers default-log
|
|
|
|
set firewall ipv4 name servers-containers enable-default-log
|
|
|
|
set firewall ipv4 name servers-containers rule 40 action 'accept'
|
|
|
|
set firewall ipv4 name servers-containers rule 40 action 'accept'
|
|
|
|
set firewall ipv4 name servers-containers rule 40 description 'Rule: accept_dns'
|
|
|
|
set firewall ipv4 name servers-containers rule 40 description 'Rule: accept_dns'
|
|
|
|
set firewall ipv4 name servers-containers rule 40 destination port 'domain,domain-s'
|
|
|
|
set firewall ipv4 name servers-containers rule 40 destination port 'domain,domain-s'
|
|
|
@ -368,7 +409,7 @@ set firewall ipv4 name servers-containers rule 999 log
|
|
|
|
# From SERVERS to TRUSTED
|
|
|
|
# From SERVERS to TRUSTED
|
|
|
|
set firewall ipv4 name servers-trusted default-action 'drop'
|
|
|
|
set firewall ipv4 name servers-trusted default-action 'drop'
|
|
|
|
set firewall ipv4 name servers-trusted description 'From SERVERS to TRUSTED'
|
|
|
|
set firewall ipv4 name servers-trusted description 'From SERVERS to TRUSTED'
|
|
|
|
set firewall ipv4 name servers-trusted default-log
|
|
|
|
set firewall ipv4 name servers-trusted enable-default-log
|
|
|
|
set firewall ipv4 name servers-trusted rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name servers-trusted rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name servers-trusted rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name servers-trusted rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name servers-trusted rule 999 state invalid
|
|
|
|
set firewall ipv4 name servers-trusted rule 999 state invalid
|
|
|
@ -377,7 +418,7 @@ set firewall ipv4 name servers-trusted rule 999 log
|
|
|
|
# From SERVERS to VIDEO
|
|
|
|
# From SERVERS to VIDEO
|
|
|
|
set firewall ipv4 name servers-video default-action 'drop'
|
|
|
|
set firewall ipv4 name servers-video default-action 'drop'
|
|
|
|
set firewall ipv4 name servers-video description 'From SERVERS to VIDEO'
|
|
|
|
set firewall ipv4 name servers-video description 'From SERVERS to VIDEO'
|
|
|
|
set firewall ipv4 name servers-video default-log
|
|
|
|
set firewall ipv4 name servers-video enable-default-log
|
|
|
|
set firewall ipv4 name servers-video rule 100 action 'accept'
|
|
|
|
set firewall ipv4 name servers-video rule 100 action 'accept'
|
|
|
|
set firewall ipv4 name servers-video rule 100 description 'Rule: accept_k8s_nodes'
|
|
|
|
set firewall ipv4 name servers-video rule 100 description 'Rule: accept_k8s_nodes'
|
|
|
|
set firewall ipv4 name servers-video rule 100 protocol 'tcp_udp'
|
|
|
|
set firewall ipv4 name servers-video rule 100 protocol 'tcp_udp'
|
|
|
@ -394,7 +435,7 @@ set firewall ipv4 name servers-wan description 'From SERVERS to WAN'
|
|
|
|
# From CONTAINERS to IOT
|
|
|
|
# From CONTAINERS to IOT
|
|
|
|
set firewall ipv4 name containers-iot default-action 'drop'
|
|
|
|
set firewall ipv4 name containers-iot default-action 'drop'
|
|
|
|
set firewall ipv4 name containers-iot description 'From CONTAINERS to IOT'
|
|
|
|
set firewall ipv4 name containers-iot description 'From CONTAINERS to IOT'
|
|
|
|
set firewall ipv4 name containers-iot default-log
|
|
|
|
set firewall ipv4 name containers-iot enable-default-log
|
|
|
|
set firewall ipv4 name containers-iot rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name containers-iot rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name containers-iot rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name containers-iot rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name containers-iot rule 999 state invalid
|
|
|
|
set firewall ipv4 name containers-iot rule 999 state invalid
|
|
|
@ -403,7 +444,7 @@ set firewall ipv4 name containers-iot rule 999 log
|
|
|
|
# From CONTAINERS to LAN
|
|
|
|
# From CONTAINERS to LAN
|
|
|
|
set firewall ipv4 name containers-lan default-action 'drop'
|
|
|
|
set firewall ipv4 name containers-lan default-action 'drop'
|
|
|
|
set firewall ipv4 name containers-lan description 'From CONTAINERS to LAN'
|
|
|
|
set firewall ipv4 name containers-lan description 'From CONTAINERS to LAN'
|
|
|
|
set firewall ipv4 name containers-lan default-log
|
|
|
|
set firewall ipv4 name containers-lan enable-default-log
|
|
|
|
set firewall ipv4 name containers-lan rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name containers-lan rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name containers-lan rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name containers-lan rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name containers-lan rule 999 state invalid
|
|
|
|
set firewall ipv4 name containers-lan rule 999 state invalid
|
|
|
@ -412,7 +453,7 @@ set firewall ipv4 name containers-lan rule 999 log
|
|
|
|
# From CONTAINERS to LOCAL
|
|
|
|
# From CONTAINERS to LOCAL
|
|
|
|
set firewall ipv4 name containers-local default-action 'drop'
|
|
|
|
set firewall ipv4 name containers-local default-action 'drop'
|
|
|
|
set firewall ipv4 name containers-local description 'From CONTAINERS to LOCAL'
|
|
|
|
set firewall ipv4 name containers-local description 'From CONTAINERS to LOCAL'
|
|
|
|
set firewall ipv4 name containers-local default-log
|
|
|
|
set firewall ipv4 name containers-local enable-default-log
|
|
|
|
set firewall ipv4 name containers-local rule 50 action 'accept'
|
|
|
|
set firewall ipv4 name containers-local rule 50 action 'accept'
|
|
|
|
set firewall ipv4 name containers-local rule 50 description 'Rule: accept_dhcp'
|
|
|
|
set firewall ipv4 name containers-local rule 50 description 'Rule: accept_dhcp'
|
|
|
|
set firewall ipv4 name containers-local rule 50 destination port '67,68'
|
|
|
|
set firewall ipv4 name containers-local rule 50 destination port '67,68'
|
|
|
@ -438,7 +479,7 @@ set firewall ipv4 name containers-servers rule 999 log
|
|
|
|
# From CONTAINERS to TRUSTED
|
|
|
|
# From CONTAINERS to TRUSTED
|
|
|
|
set firewall ipv4 name containers-trusted default-action 'drop'
|
|
|
|
set firewall ipv4 name containers-trusted default-action 'drop'
|
|
|
|
set firewall ipv4 name containers-trusted description 'From CONTAINERS to TRUSTED'
|
|
|
|
set firewall ipv4 name containers-trusted description 'From CONTAINERS to TRUSTED'
|
|
|
|
set firewall ipv4 name containers-trusted default-log
|
|
|
|
set firewall ipv4 name containers-trusted enable-default-log
|
|
|
|
set firewall ipv4 name containers-trusted rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name containers-trusted rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name containers-trusted rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name containers-trusted rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name containers-trusted rule 999 state invalid
|
|
|
|
set firewall ipv4 name containers-trusted rule 999 state invalid
|
|
|
@ -447,7 +488,7 @@ set firewall ipv4 name containers-trusted rule 999 log
|
|
|
|
# From CONTAINERS to VIDEO
|
|
|
|
# From CONTAINERS to VIDEO
|
|
|
|
set firewall ipv4 name containers-video default-action 'drop'
|
|
|
|
set firewall ipv4 name containers-video default-action 'drop'
|
|
|
|
set firewall ipv4 name containers-video description 'From CONTAINERS to VIDEO'
|
|
|
|
set firewall ipv4 name containers-video description 'From CONTAINERS to VIDEO'
|
|
|
|
set firewall ipv4 name containers-video default-log
|
|
|
|
set firewall ipv4 name containers-video enable-default-log
|
|
|
|
set firewall ipv4 name containers-video rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name containers-video rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name containers-video rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name containers-video rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name containers-video rule 999 state invalid
|
|
|
|
set firewall ipv4 name containers-video rule 999 state invalid
|
|
|
@ -460,6 +501,16 @@ set firewall ipv4 name containers-wan description 'From CONTAINERS to WAN'
|
|
|
|
# From TRUSTED to IOT
|
|
|
|
# From TRUSTED to IOT
|
|
|
|
set firewall ipv4 name trusted-iot default-action 'accept'
|
|
|
|
set firewall ipv4 name trusted-iot default-action 'accept'
|
|
|
|
set firewall ipv4 name trusted-iot description 'From TRUSTED to IOT'
|
|
|
|
set firewall ipv4 name trusted-iot description 'From TRUSTED to IOT'
|
|
|
|
|
|
|
|
set firewall ipv4 name trusted-iot rule 110 action 'accept'
|
|
|
|
|
|
|
|
set firewall ipv4 name trusted-iot rule 110 description 'Rule: accept_tcp_from_sonos_controllers_to_sonos_players'
|
|
|
|
|
|
|
|
set firewall ipv4 name trusted-iot rule 110 destination port '1400,1443,4444,7000,30000-65535'
|
|
|
|
|
|
|
|
set firewall ipv4 name trusted-iot rule 110 protocol 'tcp'
|
|
|
|
|
|
|
|
set firewall ipv4 name trusted-iot rule 110 source group address-group 'sonos_controllers'
|
|
|
|
|
|
|
|
set firewall ipv4 name trusted-iot rule 111 action 'accept'
|
|
|
|
|
|
|
|
set firewall ipv4 name trusted-iot rule 111 description 'Rule: accept_udp_from_sonos_controllers_to_sonos_players'
|
|
|
|
|
|
|
|
set firewall ipv4 name trusted-iot rule 111 destination port '319,320,30000-65535'
|
|
|
|
|
|
|
|
set firewall ipv4 name trusted-iot rule 111 protocol 'udp'
|
|
|
|
|
|
|
|
set firewall ipv4 name trusted-iot rule 111 source group address-group 'sonos_controllers'
|
|
|
|
set firewall ipv4 name trusted-iot rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name trusted-iot rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name trusted-iot rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name trusted-iot rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name trusted-iot rule 999 state invalid
|
|
|
|
set firewall ipv4 name trusted-iot rule 999 state invalid
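Review bot: Rules 110 and 111 name the Sonos players as the destination in their descriptions, but neither rule carries a destination match, and `trusted-iot` already has `default-action 'accept'`, so they narrow nothing as written. Because they are evaluated before rule 999 and have no state match, their visible effect is that invalid-state packets from `sonos_controllers` to these ports, including the whole `30000-65535` range, are accepted rather than dropped, unless a global state policy outside this hunk handles them first. If the intent is to scope controller traffic to the players, add a destination group to both rules, e.g. `set firewall ipv4 name trusted-iot rule 110 destination group address-group '<SONOS_PLAYERS_GROUP>'` (placeholder for the group this repository defines). It would also help to add a comment above rule 110 saying whether the ruleset is meant to move to a default drop later, since only then do these accepts start to matter.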
|
|
|
@ -476,7 +527,7 @@ set firewall ipv4 name trusted-lan rule 999 log
|
|
|
|
# From TRUSTED to LOCAL
|
|
|
|
# From TRUSTED to LOCAL
|
|
|
|
set firewall ipv4 name trusted-local default-action 'drop'
|
|
|
|
set firewall ipv4 name trusted-local default-action 'drop'
|
|
|
|
set firewall ipv4 name trusted-local description 'From TRUSTED to LOCAL'
|
|
|
|
set firewall ipv4 name trusted-local description 'From TRUSTED to LOCAL'
|
|
|
|
set firewall ipv4 name trusted-local default-log
|
|
|
|
set firewall ipv4 name trusted-local enable-default-log
|
|
|
|
set firewall ipv4 name trusted-local rule 50 action 'accept'
|
|
|
|
set firewall ipv4 name trusted-local rule 50 action 'accept'
|
|
|
|
set firewall ipv4 name trusted-local rule 50 description 'Rule: accept_dhcp'
|
|
|
|
set firewall ipv4 name trusted-local rule 50 description 'Rule: accept_dhcp'
|
|
|
|
set firewall ipv4 name trusted-local rule 50 destination port '67,68'
|
|
|
|
set firewall ipv4 name trusted-local rule 50 destination port '67,68'
|
|
|
@ -498,6 +549,11 @@ set firewall ipv4 name trusted-local rule 120 action 'accept'
|
|
|
|
set firewall ipv4 name trusted-local rule 120 description 'Rule: accept_dns'
|
|
|
|
set firewall ipv4 name trusted-local rule 120 description 'Rule: accept_dns'
|
|
|
|
set firewall ipv4 name trusted-local rule 120 destination port 'domain,domain-s'
|
|
|
|
set firewall ipv4 name trusted-local rule 120 destination port 'domain,domain-s'
|
|
|
|
set firewall ipv4 name trusted-local rule 120 protocol 'tcp_udp'
|
|
|
|
set firewall ipv4 name trusted-local rule 120 protocol 'tcp_udp'
|
|
|
|
|
|
|
|
set firewall ipv4 name trusted-local rule 210 action 'accept'
|
|
|
|
|
|
|
|
set firewall ipv4 name trusted-local rule 210 description 'Rule: accept_discovery_from_sonos_controllers'
|
|
|
|
|
|
|
|
set firewall ipv4 name trusted-local rule 210 destination group port-group sonos-discovery
|
|
|
|
|
|
|
|
set firewall ipv4 name trusted-local rule 210 protocol 'udp'
|
|
|
|
|
|
|
|
set firewall ipv4 name trusted-local rule 210 source group address-group 'sonos_controllers'
|
|
|
|
set firewall ipv4 name trusted-local rule 211 action 'accept'
|
|
|
|
set firewall ipv4 name trusted-local rule 211 action 'accept'
|
|
|
|
set firewall ipv4 name trusted-local rule 211 description 'Rule: accept_discovery_from_sonos_players'
|
|
|
|
set firewall ipv4 name trusted-local rule 211 description 'Rule: accept_discovery_from_sonos_players'
|
|
|
|
set firewall ipv4 name trusted-local rule 211 destination group port-group sonos-discovery
|
|
|
|
set firewall ipv4 name trusted-local rule 211 destination group port-group sonos-discovery
|
|
|
@ -556,7 +612,12 @@ set firewall ipv4 name trusted-wan description 'From TRUSTED to WAN'
|
|
|
|
# From VIDEO to IOT
|
|
|
|
# From VIDEO to IOT
|
|
|
|
set firewall ipv4 name video-iot default-action 'drop'
|
|
|
|
set firewall ipv4 name video-iot default-action 'drop'
|
|
|
|
set firewall ipv4 name video-iot description 'From VIDEO to IOT'
|
|
|
|
set firewall ipv4 name video-iot description 'From VIDEO to IOT'
|
|
|
|
set firewall ipv4 name video-iot default-log
|
|
|
|
set firewall ipv4 name video-iot enable-default-log
|
|
|
|
|
|
|
|
set firewall ipv4 name video-iot rule 100 action 'accept'
|
|
|
|
|
|
|
|
set firewall ipv4 name video-iot rule 100 description 'Rule: allow connecting to hass'
|
|
|
|
|
|
|
|
set firewall ipv4 name video-iot rule 100 protocol 'tcp'
|
|
|
|
|
|
|
|
set firewall ipv4 name video-iot rule 100 destination group address-group 'k8s_hass'
|
|
|
|
|
|
|
|
set firewall ipv4 name video-iot rule 100 destination port '8123'
|
|
|
|
set firewall ipv4 name video-iot rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name video-iot rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name video-iot rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name video-iot rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name video-iot rule 999 state invalid
|
|
|
|
set firewall ipv4 name video-iot rule 999 state invalid
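Review bot: Rule 100 has no source match, so every host in the VIDEO zone can open TCP connections to `k8s_hass` on port 8123. If only particular devices need Home Assistant, a source group would leave the rest of the zone on the default drop, e.g. `set firewall ipv4 name video-iot rule 100 source group address-group '<VIDEO_HASS_CLIENTS_GROUP>'` (placeholder name). The description `'Rule: allow connecting to hass'` also departs from the `Rule: accept_...` snake_case form the other rules in this file use; something like `'Rule: accept_hass_from_video'` would keep log searches and greps consistent.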
|
|
|
@ -565,7 +626,7 @@ set firewall ipv4 name video-iot rule 999 log
|
|
|
|
# From VIDEO to LAN
|
|
|
|
# From VIDEO to LAN
|
|
|
|
set firewall ipv4 name video-lan default-action 'drop'
|
|
|
|
set firewall ipv4 name video-lan default-action 'drop'
|
|
|
|
set firewall ipv4 name video-lan description 'From VIDEO to LAN'
|
|
|
|
set firewall ipv4 name video-lan description 'From VIDEO to LAN'
|
|
|
|
set firewall ipv4 name video-lan default-log
|
|
|
|
set firewall ipv4 name video-lan enable-default-log
|
|
|
|
set firewall ipv4 name video-lan rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name video-lan rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name video-lan rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name video-lan rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name video-lan rule 999 state invalid
|
|
|
|
set firewall ipv4 name video-lan rule 999 state invalid
|
|
|
@ -574,7 +635,7 @@ set firewall ipv4 name video-lan rule 999 log
|
|
|
|
# From VIDEO to LOCAL
|
|
|
|
# From VIDEO to LOCAL
|
|
|
|
set firewall ipv4 name video-local default-action 'drop'
|
|
|
|
set firewall ipv4 name video-local default-action 'drop'
|
|
|
|
set firewall ipv4 name video-local description 'From VIDEO to LOCAL'
|
|
|
|
set firewall ipv4 name video-local description 'From VIDEO to LOCAL'
|
|
|
|
set firewall ipv4 name video-local default-log
|
|
|
|
set firewall ipv4 name video-local enable-default-log
|
|
|
|
set firewall ipv4 name video-local rule 50 action 'accept'
|
|
|
|
set firewall ipv4 name video-local rule 50 action 'accept'
|
|
|
|
set firewall ipv4 name video-local rule 50 description 'Rule: accept_dhcp'
|
|
|
|
set firewall ipv4 name video-local rule 50 description 'Rule: accept_dhcp'
|
|
|
|
set firewall ipv4 name video-local rule 50 destination port '67,68'
|
|
|
|
set firewall ipv4 name video-local rule 50 destination port '67,68'
|
|
|
@ -592,7 +653,7 @@ set firewall ipv4 name video-local rule 999 log
|
|
|
|
# From VIDEO to SERVERS
|
|
|
|
# From VIDEO to SERVERS
|
|
|
|
set firewall ipv4 name video-servers default-action 'drop'
|
|
|
|
set firewall ipv4 name video-servers default-action 'drop'
|
|
|
|
set firewall ipv4 name video-servers description 'From VIDEO to SERVERS'
|
|
|
|
set firewall ipv4 name video-servers description 'From VIDEO to SERVERS'
|
|
|
|
set firewall ipv4 name video-servers default-log
|
|
|
|
set firewall ipv4 name video-servers enable-default-log
|
|
|
|
set firewall ipv4 name video-servers rule 100 action 'accept'
|
|
|
|
set firewall ipv4 name video-servers rule 100 action 'accept'
|
|
|
|
set firewall ipv4 name video-servers rule 100 description 'Rule: accept_k8s_nodes'
|
|
|
|
set firewall ipv4 name video-servers rule 100 description 'Rule: accept_k8s_nodes'
|
|
|
|
set firewall ipv4 name video-servers rule 100 protocol 'udp'
|
|
|
|
set firewall ipv4 name video-servers rule 100 protocol 'udp'
|
|
|
@ -618,7 +679,7 @@ set firewall ipv4 name video-containers rule 999 log
|
|
|
|
# From VIDEO to TRUSTED
|
|
|
|
# From VIDEO to TRUSTED
|
|
|
|
set firewall ipv4 name video-trusted default-action 'drop'
|
|
|
|
set firewall ipv4 name video-trusted default-action 'drop'
|
|
|
|
set firewall ipv4 name video-trusted description 'From VIDEO to TRUSTED'
|
|
|
|
set firewall ipv4 name video-trusted description 'From VIDEO to TRUSTED'
|
|
|
|
set firewall ipv4 name video-trusted default-log
|
|
|
|
set firewall ipv4 name video-trusted enable-default-log
|
|
|
|
set firewall ipv4 name video-trusted rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name video-trusted rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name video-trusted rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name video-trusted rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name video-trusted rule 999 state invalid
|
|
|
|
set firewall ipv4 name video-trusted rule 999 state invalid
|
|
|
@ -630,7 +691,7 @@ set firewall ipv4 name video-wan description 'From VIDEO to WAN'
|
|
|
|
# From WAN to IOT
|
|
|
|
# From WAN to IOT
|
|
|
|
set firewall ipv4 name wan-iot default-action 'drop'
|
|
|
|
set firewall ipv4 name wan-iot default-action 'drop'
|
|
|
|
set firewall ipv4 name wan-iot description 'From WAN to IOT'
|
|
|
|
set firewall ipv4 name wan-iot description 'From WAN to IOT'
|
|
|
|
set firewall ipv4 name wan-iot default-log
|
|
|
|
set firewall ipv4 name wan-iot enable-default-log
|
|
|
|
set firewall ipv4 name wan-iot rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name wan-iot rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name wan-iot rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name wan-iot rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name wan-iot rule 999 state invalid
|
|
|
|
set firewall ipv4 name wan-iot rule 999 state invalid
|
|
|
@ -639,7 +700,7 @@ set firewall ipv4 name wan-iot rule 999 log
|
|
|
|
# From WAN to LAN
|
|
|
|
# From WAN to LAN
|
|
|
|
set firewall ipv4 name wan-lan default-action 'drop'
|
|
|
|
set firewall ipv4 name wan-lan default-action 'drop'
|
|
|
|
set firewall ipv4 name wan-lan description 'From WAN to LAN'
|
|
|
|
set firewall ipv4 name wan-lan description 'From WAN to LAN'
|
|
|
|
set firewall ipv4 name wan-lan default-log
|
|
|
|
set firewall ipv4 name wan-lan enable-default-log
|
|
|
|
set firewall ipv4 name wan-lan rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name wan-lan rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name wan-lan rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name wan-lan rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name wan-lan rule 999 state invalid
|
|
|
|
set firewall ipv4 name wan-lan rule 999 state invalid
|
|
|
@ -648,7 +709,7 @@ set firewall ipv4 name wan-lan rule 999 log
|
|
|
|
# From WAN to LOCAL
|
|
|
|
# From WAN to LOCAL
|
|
|
|
set firewall ipv4 name wan-local default-action 'drop'
|
|
|
|
set firewall ipv4 name wan-local default-action 'drop'
|
|
|
|
set firewall ipv4 name wan-local description 'From WAN to LOCAL'
|
|
|
|
set firewall ipv4 name wan-local description 'From WAN to LOCAL'
|
|
|
|
set firewall ipv4 name wan-local default-log
|
|
|
|
set firewall ipv4 name wan-local enable-default-log
|
|
|
|
set firewall ipv4 name wan-local rule 1 action 'drop'
|
|
|
|
set firewall ipv4 name wan-local rule 1 action 'drop'
|
|
|
|
set firewall ipv4 name wan-local rule 1 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name wan-local rule 1 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name wan-local rule 1 state invalid
|
|
|
|
set firewall ipv4 name wan-local rule 1 state invalid
|
|
|
@ -661,7 +722,7 @@ set firewall ipv4 name wan-local rule 100 protocol 'udp'
|
|
|
|
# From WAN to SERVERS
|
|
|
|
# From WAN to SERVERS
|
|
|
|
set firewall ipv4 name wan-servers default-action 'drop'
|
|
|
|
set firewall ipv4 name wan-servers default-action 'drop'
|
|
|
|
set firewall ipv4 name wan-servers description 'From WAN to SERVERS'
|
|
|
|
set firewall ipv4 name wan-servers description 'From WAN to SERVERS'
|
|
|
|
set firewall ipv4 name wan-servers default-log
|
|
|
|
set firewall ipv4 name wan-servers enable-default-log
|
|
|
|
set firewall ipv4 name wan-servers rule 100 action 'accept'
|
|
|
|
set firewall ipv4 name wan-servers rule 100 action 'accept'
|
|
|
|
set firewall ipv4 name wan-servers rule 100 destination port 32400
|
|
|
|
set firewall ipv4 name wan-servers rule 100 destination port 32400
|
|
|
|
set firewall ipv4 name wan-servers rule 100 protocol 'tcp'
|
|
|
|
set firewall ipv4 name wan-servers rule 100 protocol 'tcp'
|
|
|
@ -674,7 +735,7 @@ set firewall ipv4 name wan-servers rule 999 log
|
|
|
|
# From WAN to CONTAINERS
|
|
|
|
# From WAN to CONTAINERS
|
|
|
|
set firewall ipv4 name wan-containers default-action 'drop'
|
|
|
|
set firewall ipv4 name wan-containers default-action 'drop'
|
|
|
|
set firewall ipv4 name wan-containers description 'From WAN to CONTAINERS'
|
|
|
|
set firewall ipv4 name wan-containers description 'From WAN to CONTAINERS'
|
|
|
|
set firewall ipv4 name wan-containers default-log
|
|
|
|
set firewall ipv4 name wan-containers enable-default-log
|
|
|
|
set firewall ipv4 name wan-containers rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name wan-containers rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name wan-containers rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name wan-containers rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name wan-containers rule 999 state invalid
|
|
|
|
set firewall ipv4 name wan-containers rule 999 state invalid
|
|
|
@ -683,7 +744,7 @@ set firewall ipv4 name wan-containers rule 999 log
|
|
|
|
# From WAN to TRUSTED
|
|
|
|
# From WAN to TRUSTED
|
|
|
|
set firewall ipv4 name wan-trusted default-action 'drop'
|
|
|
|
set firewall ipv4 name wan-trusted default-action 'drop'
|
|
|
|
set firewall ipv4 name wan-trusted description 'From WAN to TRUSTED'
|
|
|
|
set firewall ipv4 name wan-trusted description 'From WAN to TRUSTED'
|
|
|
|
set firewall ipv4 name wan-trusted default-log
|
|
|
|
set firewall ipv4 name wan-trusted enable-default-log
|
|
|
|
set firewall ipv4 name wan-trusted rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name wan-trusted rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name wan-trusted rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name wan-trusted rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name wan-trusted rule 999 state invalid
|
|
|
|
set firewall ipv4 name wan-trusted rule 999 state invalid
|
|
|
@ -692,8 +753,8 @@ set firewall ipv4 name wan-trusted rule 999 log
|
|
|
|
# From WAN to VIDEO
|
|
|
|
# From WAN to VIDEO
|
|
|
|
set firewall ipv4 name wan-video default-action 'drop'
|
|
|
|
set firewall ipv4 name wan-video default-action 'drop'
|
|
|
|
set firewall ipv4 name wan-video description 'From WAN to VIDEO'
|
|
|
|
set firewall ipv4 name wan-video description 'From WAN to VIDEO'
|
|
|
|
set firewall ipv4 name wan-video default-log
|
|
|
|
set firewall ipv4 name wan-video enable-default-log
|
|
|
|
set firewall ipv4 name wan-video rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name wan-video rule 999 action 'drop'
|
|
|
|
set firewall ipv4 name wan-video rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name wan-video rule 999 description 'Rule: drop_invalid'
|
|
|
|
set firewall ipv4 name wan-video rule 999 state invalid
|
|
|
|
set firewall ipv4 name wan-video rule 999 state invalid
|
|
|
|
set firewall ipv4 name wan-video rule 999 log
|
|
|
|
set firewall ipv4 name wan-video rule 999 log
|