Ferris is no longer able to access any devices on the home network other than duke. This makes sure that even if ferris got compromised, the other devices would be safe(r)
{
  /* Who may assign each tag: only this one user can tag a device as ferris. */
  "tagOwners": {
    "tag:ferris": [
      "weckyy702@"
    ]
  },

  /* Named addresses used as rule destinations below. */
  "hosts": {
    /* A single address (/32) that lies inside the homenet range. */
    "duke.veltnet": "10.10.0.135/32",
    /* The whole home network range. */
    "homenet": "10.10.0.0/16"
  },

  "acls": [
    /*
      Untagged devices have access to everything: the internet, other member
      devices, tagged devices and the whole home network.
      NOTE(review): tag:ferris is not a source of this rule, so it should stop
      applying to a device once that device carries the tag. Confirm that
      autogroup:member excludes tagged devices in the deployed version.
    */
    {
      "action": "accept",
      "src": [
        "autogroup:member"
      ],
      "dst": [
        "autogroup:internet:*",
        "autogroup:member:*",
        "autogroup:tagged:*",
        "homenet:*"
      ]
    },

    /*
      Ferris can only reach duke: no rule gives tag:ferris a homenet, member,
      tagged or internet destination.
      NOTE(review): this isolation relies on the policy engine refusing
      whatever no rule accepts - confirm.
      NOTE(review): ":*" opens every port on duke, not only the ports its
      services listen on. If those ports are known, list them here so that a
      compromised ferris reaches less of duke.
    */
    {
      "action": "accept",
      "src": [
        "tag:ferris"
      ],
      "dst": ["duke.veltnet:*"]
    }
  ]
}