Initial commit

services/basic/global.policy.json

@@ -0,0 +1,11 @@
+{
+    "description": "Restrict all internet access",
+    "variable": { "internet_if": "eth0" },
+    "zone": {
+        "internet": { "iface": "$internet_if" }
+    },
+    "policy": [
+        { "in": "internet", "action": "drop" },
+        { "action": "reject" }
+    ]
+}

services/basic/icmp.policy.json

@@ -0,0 +1,11 @@
+{
+    "description": "Allow ping-pong",
+    "filter": [
+        {
+            "in": "internet",
+            "service": "ping",
+            "action": "accept",
+            "flow-limit": { "count": 10, "interval": 6 }
+        }
+    ]
+}

services/basic/outgoing.policy.json

@@ -0,0 +1,11 @@
+{
+    "description": "Allow outgoing connections for http/https, dns, ssh, ntp, ssh and ping",
+    "filter": [
+        {
+            "in": "_fw",
+            "out": "internet",
+            "service": ["http", "https", "dns", "ssh", "ntp", "ping"],
+            "action": "accept"
+        }
+    ]
+}