mirror of
https://github.com/didyouexpectthat/zerotierone.git
synced 2024-09-19 12:20:21 -07:00
# This is a default rule set that allows IPv4 and IPv6 traffic.
# You can edit it as needed. If your rule set gets large, we recommend
# copying and pasting it somewhere else to keep a backup.
# Drop every Ethernet frame whose ethertype is not IPv4, ARP, or IPv6.
# All three "not ethertype" matches must hold for the drop to apply, so only
# frames carrying one of the three listed ethertypes continue to the rules
# below. ARP is let through because IPv4 address resolution depends on it.
drop
  not ethertype 0x0800 # IPv4
  not ethertype 0x0806 # IPv4 ARP
  not ethertype 0x86dd # IPv6
;
# Capability: outgoing SSH
# Defines a capability named "ssh" with ID 1000 whose only rule accepts TCP
# packets with destination port 22.
# NOTE(review): this rule set ends with a blanket "accept;", so port 22 is
# already allowed for every member and granting this capability changes
# nothing until that final accept is removed or narrowed.
# NOTE(review): the match covers only packets sent *to* port 22; replies
# coming back from port 22 would presumably need their own accept under a
# default-deny base rule set - confirm before relying on it.
cap ssh
  id 1000
  accept
    ipprotocol tcp
    dport 22
  ;
;
# A tag indicating which department people belong to.
# Defines a tag named "department" with ID 1000; each enum line gives a
# readable name to one numeric tag value.
# NOTE(review): the ID 1000 is also used by the "ssh" capability above;
# presumably tags and capabilities are numbered independently - confirm.
tag department
  id 1000
  enum 100 sales
  enum 200 marketing
  enum 300 accounting
  enum 400 engineering
;
# Accept all traffic between members of the same department.
# "tdiff department 0" asks for a difference of 0 between the two members'
# department tag values, i.e. the values must be equal.
# NOTE(review): what happens when one side carries no department tag is not
# visible here - confirm before using this match as an isolation boundary.
# NOTE(review): with the blanket "accept;" at the end of this rule set,
# traffic between different departments is accepted as well, so this rule
# does not separate departments on its own.
accept
  tdiff department 0
;
# You can insert other drop, tee, etc. rules here. This rule set ends with
# a blanket accept, making it permissive by default.
# NOTE(review): every packet that reaches this line is accepted, so the
# "ssh" capability and the same-department accept above do not restrict
# anything as written. For a default-deny policy, place the required drop
# rules before this line or remove the accept; packets that reach the end
# of the rule set without an accept are then presumably dropped - confirm
# against the ZeroTier rules documentation.
accept;