mirror of
				https://github.com/dec0dOS/zero-ui.git
				synced 2025-10-25 21:46:22 +08:00 
			
		
		
		
	
		
			
				
	
	
		
			56 lines
		
	
	
	
		
			1 KiB
		
	
	
	
		
			JavaScript
		
	
	
	
	
	
			
		
		
	
	
			56 lines
		
	
	
	
		
			1 KiB
		
	
	
	
		
			JavaScript
		
	
	
	
	
	
| export const defaultRulesSource = `
 | |
| # This is a default rule set that allows IPv4 and IPv6 traffic but otherwise
 | |
| # behaves like a standard Ethernet switch.
 | |
| 
 | |
| #
 | |
| # Allow only IPv4, IPv4 ARP, and IPv6 Ethernet frames.
 | |
| #
 | |
| drop
 | |
|   not ethertype ipv4
 | |
|   and not ethertype arp
 | |
|   and not ethertype ipv6
 | |
| ;
 | |
| 
 | |
| #
 | |
| # Uncomment to drop non-ZeroTier issued and managed IP addresses.
 | |
| #
 | |
| # This prevents IP spoofing but also blocks manual IP management at the OS level and
 | |
| # bridging unless special rules to exempt certain hosts or traffic are added before
 | |
| # this rule.
 | |
| #
 | |
| #drop
 | |
| #  not chr ipauth
 | |
| #;
 | |
| 
 | |
| # Accept anything else. This is required since default is 'drop'.
 | |
| accept;
 | |
| `;
 | |
| 
 | |
| export const defaultRules = `
 | |
| [
 | |
|   {
 | |
|    "type": "MATCH_ETHERTYPE",
 | |
|    "not": true,
 | |
|    "or": false,
 | |
|    "etherType": 2048
 | |
|   },
 | |
|   {
 | |
|    "type": "MATCH_ETHERTYPE",
 | |
|    "not": true,
 | |
|    "or": false,
 | |
|    "etherType": 2054
 | |
|   },
 | |
|   {
 | |
|    "type": "MATCH_ETHERTYPE",
 | |
|    "not": true,
 | |
|    "or": false,
 | |
|    "etherType": 34525
 | |
|   },
 | |
|   {
 | |
|    "type": "ACTION_DROP"
 | |
|   },
 | |
|   {
 | |
|    "type": "ACTION_ACCEPT"
 | |
|   }
 | |
|  ]
 | |
| `;
 |