Commit | Line | Data |
---|---|---|
1 | # blacklisted source: the expected action is DROP | |
2 | { from => 'outside', to => 'host', source => '192.168.0.1', dest => '1.2.3.4', dport => 22, action => 'DROP' } | |
3 | # sources that are members of myipset: the expected action is ACCEPT | |
4 | { from => 'outside', to => 'host', source => '172.16.0.10', dest => '1.2.3.4', dport => 22, action => 'ACCEPT' } | |
5 | { from => 'outside', to => 'host', source => '192.168.1.10', dest => '1.2.3.4', dport => 22, action => 'ACCEPT' } | |
6 | # source covered by a network alias that is inside myipset: expect ACCEPT | |
7 | { from => 'outside', to => 'host', source => '10.3.0.1', dest => '1.2.3.4', dport => 22, action => 'ACCEPT' } | |
8 | # source covered by a server alias that is inside myipset: expect ACCEPT | |
9 | { from => 'outside', to => 'host', source => '10.2.0.111', dest => '1.2.3.4', dport => 22, action => 'ACCEPT' } | |
10 | ||
11 | # negative case: source not inside myipset, one address above the accepted 10.2.0.111, so expect DROP | |
12 | { from => 'outside', to => 'host', source => '10.2.0.112', dest => '1.2.3.4', dport => 22, action => 'DROP' } | |
13 | ||
14 | # dmzhosts destinations reached from a myipset source: expect REJECT rather than ACCEPT or DROP | |
15 | { from => 'outside', to => 'host', source => '172.16.0.10', dest => '10.10.10.1', dport => 22, action => 'REJECT' } | |
16 | { from => 'outside', to => 'host', source => '172.16.0.10', dest => '10.10.11.1', dport => 22, action => 'REJECT' } | |
17 | ||
18 | # management ipset: no dest is set; 192.168.128.1 expects DROP and 192.168.128.2 expects ACCEPT, each on dport 8006 and dport 22 | |
19 | { from => 'outside', to => 'host', source => '192.168.128.1', dport => 8006, action => 'DROP' } | |
20 | { from => 'outside', to => 'host', source => '192.168.128.1', dport => 22, action => 'DROP' } | |
21 | { from => 'outside', to => 'host', source => '192.168.128.2', dport => 8006, action => 'ACCEPT' } | |
22 | { from => 'outside', to => 'host', source => '192.168.128.2', dport => 22, action => 'ACCEPT' } | |
23 |