Created
July 20, 2016 07:23
-
-
Save flashvoid/00839ac137d21323e090eb5ed498baf3 to your computer and use it in GitHub Desktop.
note: policy example 380
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Example policy for traffic fro pod to host | |
| ``` | |
| { | |
| "rules": [ | |
| { | |
| "ports": [ | |
| 80 | |
| ], | |
| "protocol": "TCP" | |
| } | |
| ], | |
| "peers": [ | |
| { | |
| "peer": "any" | |
| } | |
| ], | |
| "applied_to": [ | |
| { | |
| "dest": "host" | |
| } | |
| ], | |
| "datacenter": { | |
| "endpoint_space_bits": 0, | |
| "endpoint_bits": 8, | |
| "id": 0, | |
| "ip_version": 4, | |
| "prefix": 167772160, | |
| "cidr": "10.0.0.0/8", | |
| "prefix_bits": 8, | |
| "port_bits": 8, | |
| "tenant_bits": 4, | |
| "segment_bits": 4 | |
| }, | |
| "external_id": "pol2", | |
| "id": 127, | |
| "name": "pol2", | |
| "direction": "ingress" | |
| } | |
| ``` | |
| Will produce | |
| ``` | |
| Wed, 20 Jul 2016 07:20:04 DEBUG New rules --> chain 0 : ROMANA-FORWARD-OUT | |
| Wed, 20 Jul 2016 07:20:04 DEBUG New rules ----> rule 0 : -A ROMANA-FORWARD-OUT -j ROMANA-OP | |
| Wed, 20 Jul 2016 07:20:04 DEBUG New rules ----> rule 1 : -A ROMANA-FORWARD-OUT -j DROP | |
| Wed, 20 Jul 2016 07:20:04 DEBUG New rules --> chain 1 : ROMANA-OP | |
| Wed, 20 Jul 2016 07:20:04 DEBUG New rules ----> rule 0 : -A ROMANA-OP -j ROMANA-P-pol2_ | |
| Wed, 20 Jul 2016 07:20:04 DEBUG New rules ----> rule 1 : -A ROMANA-OP -m comment --comment POLICY_CHAIN_HEADER -j RETURN | |
| Wed, 20 Jul 2016 07:20:04 DEBUG New rules --> chain 2 : ROMANA-P-pol2_ | |
| Wed, 20 Jul 2016 07:20:04 DEBUG New rules ----> rule 0 : -A ROMANA-P-pol2_ -j ROMANA-P-pol2-IN_ | |
| Wed, 20 Jul 2016 07:20:04 DEBUG New rules ----> rule 1 : -A ROMANA-P-pol2_ -m comment --comment PolicyId=pol2 -j RETURN | |
| Wed, 20 Jul 2016 07:20:04 DEBUG New rules --> chain 3 : ROMANA-P-pol2-IN_ | |
| Wed, 20 Jul 2016 07:20:04 DEBUG New rules ----> rule 0 : -A ROMANA-P-pol2-IN_ -p tcp --dport 80 -j ACCEPT | |
| ``` | |
| Example policy from pod to host | |
| ``` | |
| { | |
| "rules": [ | |
| { | |
| "ports": [ | |
| 80 | |
| ], | |
| "protocol": "TCP" | |
| } | |
| ], | |
| "peers": [ | |
| { | |
| "peer": "any" | |
| } | |
| ], | |
| "applied_to": [ | |
| { | |
| "dest": "local" | |
| } | |
| ], | |
| "datacenter": { | |
| "endpoint_space_bits": 0, | |
| "endpoint_bits": 8, | |
| "id": 0, | |
| "ip_version": 4, | |
| "prefix": 167772160, | |
| "cidr": "10.0.0.0/8", | |
| "prefix_bits": 8, | |
| "port_bits": 8, | |
| "tenant_bits": 4, | |
| "segment_bits": 4 | |
| }, | |
| "external_id": "pol3", | |
| "id": 127, | |
| "name": "pol3", | |
| "direction": "ingress" | |
| } | |
| ``` | |
| will produce | |
| ``` | |
| Wed, 20 Jul 2016 07:23:28 DEBUG New rules --> chain 0 : ROMANA-OP-IN | |
| Wed, 20 Jul 2016 07:23:28 DEBUG New rules ----> rule 0 : -A ROMANA-OP-IN -j ROMANA-P-pol3_ | |
| Wed, 20 Jul 2016 07:23:28 DEBUG New rules ----> rule 1 : -A ROMANA-OP-IN -m comment --comment POLICY_CHAIN_HEADER -j RETURN | |
| Wed, 20 Jul 2016 07:23:28 DEBUG New rules --> chain 1 : ROMANA-P-pol3_ | |
| Wed, 20 Jul 2016 07:23:28 DEBUG New rules ----> rule 0 : -A ROMANA-P-pol3_ -j ROMANA-P-pol3-IN_ | |
| Wed, 20 Jul 2016 07:23:28 DEBUG New rules ----> rule 1 : -A ROMANA-P-pol3_ -m comment --comment PolicyId=pol3 -j RETURN | |
| Wed, 20 Jul 2016 07:23:28 DEBUG New rules --> chain 2 : ROMANA-P-pol3-IN_ | |
| Wed, 20 Jul 2016 07:23:28 DEBUG New rules ----> rule 0 : -A ROMANA-P-pol3-IN_ -p tcp --dport 80 -j ACCEPT | |
| Wed, 20 Jul 2016 07:23:28 DEBUG New rules --> chain 3 : ROMANA-INPUT | |
| Wed, 20 Jul 2016 07:23:28 DEBUG New rules ----> rule 0 : -A ROMANA-INPUT -j ROMANA-OP-IN | |
| Wed, 20 Jul 2016 07:23:28 DEBUG New rules ----> rule 1 : -A ROMANA-INPUT -j DROP | |
| ``` |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment