path: root/policies/sample_tug_wlc_fw.pol
#
# This is an example policy for capirca
#
# Filter header: one policy body rendered for several platforms. Every term
# below is emitted into each target listed here, in the order written.
# NOTE(review): the juniper target is `inet` while the cisco target is `mixed`,
# so the address families covered are not the same on every platform. Confirm
# that the IPv6 side of the cisco output is intended and gives the protection
# expected, since the terms below name only `icmp` and the network tokens'
# contents are not visible in this file.
header {
  comment:: "this is a sample output filter that generates"
  comment:: "multiplatform for tug wlc protection"
  # Juniper firewall filter named fw_tug_wlc_protect.
  target:: juniper fw_tug_wlc_protect inet
  # SRX zone-pair policy: traffic from zone NORDUnet_nets to zone WLC_net.
  target:: srx from-zone NORDUnet_nets to-zone WLC_net
  # Cisco ACL with the same filter name as the Juniper filter.
  target:: cisco fw_tug_wlc_protect mixed
  # Speedway (iptables) rules for the INPUT chain.
  target:: speedway INPUT
  target:: ciscoasa asa_in
  target:: html MUPP
}

# Accept ICMP addressed to NDN_TUG_WLC_NET.
# No source-address is given, so this matches ICMP from any source.
# NOTE(review): no icmp-type:: is given either, so every ICMP type is accepted.
# If only diagnostics are needed, list the required types (for example
# echo-request, unreachable, time-exceeded) to narrow what reaches the
# WLC network.
term permit-icmp {
  destination-address:: NDN_TUG_WLC_NET 
  protocol:: icmp
  action:: accept
}

# Accept UDP to the TRACEROUTE service ports on NDN_TUG_WLC_NET.
# No source-address is given, so this matches any source.
# TRACEROUTE is a service token resolved from the definitions directory; its
# port range is not visible in this file. Verify it covers only the traceroute
# range, because every UDP port in that token becomes reachable from anywhere.
term permit-traceroute {
  destination-address:: NDN_TUG_WLC_NET 
  protocol:: udp
  destination-port:: TRACEROUTE
  action:: accept
}

# Accept traffic from the NORDUNET_AGGREGATE and SUNET_AP_STATICS networks to
# NDN_TUG_WLC_NET.
# No protocol:: or destination-port:: is given, so every protocol and port is
# accepted from these sources. The trust boundary of this policy is therefore
# exactly the contents of the two source tokens.
# NOTE(review): confirm in the network definitions that both tokens hold only
# the prefixes intended; they are not visible in this file.
term permit-NORDUnet {
  source-address:: NORDUNET_AGGREGATE SUNET_AP_STATICS
  destination-address:: NDN_TUG_WLC_NET
  action:: accept
}

# Catch-all: no match conditions, so everything not accepted by an earlier term
# is denied. This term must stay last; any term placed after it is never reached.
# NOTE(review): no logging:: option is set, so denied packets leave no record.
# Consider enabling logging here if dropped traffic should be visible for
# detection or troubleshooting.
term default-deny {
  action:: deny
}