# This is a default rule set that allows IPv4 and IPv6 traffic.
# You can edit as needed. If your rule set gets large we recommend
# cutting and pasting it somewhere to keep a backup.
#
# Reading guide: the set is matched top to bottom and ends with a
# blanket "accept;", so anything not dropped by an earlier rule is
# allowed. The "cap" and "tag" definitions below do not restrict any
# traffic on their own in this file — they only take effect as
# restrictions once the trailing "accept;" is replaced by a default
# deny (NOTE(review): presumably "drop;" — confirm before relying on it).

# Drop all Ethernet frame types that are not IPv4 or IPv6.
# All three "not" conditions must hold for a frame to be dropped, so
# IPv4, ARP and IPv6 frames fall through to the rules that follow.
drop
	not ethertype 0x0800 # IPv4
	not ethertype 0x0806 # ARP (address resolution for IPv4)
	not ethertype 0x86dd # IPv6
;

# Capability: outgoing SSH
# Capability id 1000, named "ssh": holders may send TCP to destination
# port 22. With the blanket accept at the end of this file it grants
# nothing extra; it becomes meaningful under a default-deny tail.
cap ssh
	id 1000
	accept
		ipprotocol tcp
		dport 22
	;
;

# A tag indicating which department people belong to
# Tag id 1000 (NOTE(review): presumably a separate id space from the
# capability id above — confirm). Each "enum" maps a numeric tag value
# to a human-readable department name.
tag department
	id 1000
	enum 100 sales
	enum 200 marketing
	enum 300 accounting
	enum 400 engineering
;

# Accept all traffic between members of the same department
# "tdiff department 0": the difference between the two endpoints'
# department tag values is 0, i.e. both carry the same enum value.
# Redundant while the file ends in "accept;", but it is the rule that
# keeps intra-department traffic flowing once the tail is a drop.
accept
	tdiff department 0
;

# You can insert other drop, tee, etc. rules here. This rule
# set ends with a blanket accept, making it permissive by
# default.

# Blanket accept: every frame not dropped above is allowed. Replacing
# this with a drop turns the set into default-deny, at which point only
# the ethertype filter, the ssh capability and the same-department rule
# above decide what passes.
accept;