vyos-config/config-parts/firewall.sh


#!/bin/vbash
# Firewall config part: global state policy plus the address, network and port
# groups used by this router. Only global options and group definitions appear
# in this file; the rules that reference the groups are not visible here.
#
# NOTE(review): every address group below is a static IP or IP range, so a rule
# that matches on a group trusts whichever host currently holds that address.
# Confirm these hosts use fixed leases or static addressing, and review edits
# to a group as carefully as edits to the rules that use it.
#
# General configuration
# Globally accept packets in the established and related connection states.
# NOTE(review): no `state-policy invalid` action is set in this file; confirm
# invalid-state packets are dropped elsewhere in the configuration.
set firewall global-options state-policy established action 'accept'
set firewall global-options state-policy related action 'accept'
# NOTE(review): all-ping is enabled; presumably the router answers ICMP echo
# requests on every interface, WAN included. Confirm that exposure is intended.
set firewall global-options all-ping 'enable'
# Address Groups
# router-addresses holds the router's own 10.0.0.1 address and loopback.
set firewall group address-group router-addresses address 10.0.0.1
set firewall group address-group router-addresses address 127.0.0.1
set firewall group address-group k8s_nodes address '10.1.1.61-10.1.1.63' # master nodes
set firewall group address-group k8s_nodes address '10.1.1.70-10.1.1.79' # worker nodes
set firewall group address-group home_automation address '10.1.1.51-10.1.1.59' # home automation nodes hass/zwave/mqtt etc
set firewall group address-group k8s_api address '10.5.0.2'
# Both k8s_ingress addresses fall inside the k8s_services 10.45.0.0/16 network
# group defined further down, so a rule on either group can match them.
set firewall group address-group k8s_ingress address '10.45.0.1' # external nginx
set firewall group address-group k8s_ingress address '10.45.0.3' # internal nginx
set firewall group address-group graylog address '10.1.1.5'
set firewall group address-group nas address '10.1.1.11-10.1.1.12'
# unifi_devices is listed one address per line rather than as ranges.
set firewall group address-group unifi_devices address '10.1.0.11'
set firewall group address-group unifi_devices address '10.1.0.12'
set firewall group address-group unifi_devices address '10.1.0.13'
set firewall group address-group unifi_devices address '10.1.0.21'
set firewall group address-group unifi_devices address '10.1.0.22'
set firewall group address-group unifi_devices address '10.1.0.23'
set firewall group address-group unifi_devices address '10.1.0.24'
set firewall group address-group vyos_unifi address '10.5.0.10'
set firewall group network-group k8s_services network '10.45.0.0/16'
# Sonos controllers
# A port group names ports only; the rule that references it has to pin the
# protocol. 1900 is the SSDP discovery port (UDP); 1400 is presumably the Sonos
# control API over TCP. Confirm against the rules that use these groups.
set firewall group port-group sonos-controller-api port '1400'
set firewall group port-group sonos-controller-discovery port '1900'
# NOTE(review): the controllers are laptops and phones, i.e. roaming client
# devices; membership here is only as strong as their address assignment.
set firewall group address-group sonos_controllers address '10.1.2.21' # jahanson laptop
set firewall group address-group sonos_controllers address '10.1.2.22-10.1.2.23' # Elisia's laptop
set firewall group address-group sonos_controllers address '10.1.2.31-10.1.2.37' # iOS devices
# Sonos players
# Same port value (1900) as sonos-controller-discovery, kept as a separate group.
set firewall group port-group sonos-player-discovery port '1900'
set firewall group address-group sonos_players address '10.1.3.71-10.1.3.75'
# Port groups
# 51820 is the conventional WireGuard listen port (UDP). Whether it is reachable
# from the WAN depends on rules outside this file.
set firewall group port-group wireguard port '51820'