diff options
Diffstat (limited to 'policies/sample_tug_wlc_fw.pol')
| -rw-r--r-- | policies/sample_tug_wlc_fw.pol | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/policies/sample_tug_wlc_fw.pol b/policies/sample_tug_wlc_fw.pol new file mode 100644 index 0000000..76da91c --- /dev/null +++ b/policies/sample_tug_wlc_fw.pol @@ -0,0 +1,36 @@ +# +# This is an example policy for capirca +# +header { + comment:: "this is a sample output filter that generates" + comment:: "multiplatform for tug wlc protection" + target:: juniper fw_tug_wlc_protect inet + target:: srx from-zone NORDUnet_nets to-zone WLC_net + target:: cisco fw_tug_wlc_protect mixed + target:: speedway INPUT + target:: ciscoasa asa_in + target:: html MUPP +} + +term permit-icmp { + destination-address:: NDN_TUG_WLC_NET + protocol:: icmp + action:: accept +} + +term permit-traceroute { + destination-address:: NDN_TUG_WLC_NET + protocol:: udp + destination-port:: TRACEROUTE + action:: accept +} + +term permit-NORDUnet { + source-address:: NORDUNET_AGGREGATE SUNET_AP_STATICS + destination-address:: NDN_TUG_WLC_NET + action:: accept +} + +term default-deny { + action:: deny +} |