WIP: openvpn

services/basic/global.policy.json

@@ -1,11 +1,16 @@
 {
     "description": "Restrict all internet access",
-    "variable": { "internet_if": "eth0" },
     "zone": {
-        "internet": { "iface": "$internet_if" }
+        "WAN": { "iface": "eth0" },
+        "LAN": { "iface": "eth1" },
+        "VPN": { "iface": "tun+" }
     },
     "policy": [
-        { "in": "internet", "action": "drop" },
+        { "in": "VPN", "action": "accept" },
+        { "out": "VPN", "action": "accept" },
+        { "in": "LAN", "action": "accept" },
+        { "out": "LAN", "action": "accept" },
+        { "in": "WAN", "action": "drop" },
         { "action": "reject" }
     ]
 }