# API reference for the YAML fields
# The interface to run the XDP on
interface: "enp43s0np0"
# Whether the firewall is persistent across reboots.
# Not currently implemented.
# persistent: true
# Whether the Prometheus exporter is enabled.
# Not currently implemented. Prometheus always listens on :4343.
# prometheus: true
# The local port Prometheus should listen on.
# prometheus_port: 4242
# The firewall rules you'd like to define.
# The firewall drops traffic like TCP and UDP by default, rules whitelist traffic
rules:
# Define each rule individually
- rule:
# The source IP range this rule will apply to. For example, 23.133.104.69/32, or 23.133.104.0/24.
# To allow traffic from any IP, use 0.0.0.0/0
source_ip_range: 5.161.57.23/32
# The destination IP range this rule will apply to.
# To allow traffic to go to any IP assigned with this server, use 0.0.0.0/0.
destination_ip_range: 5.161.57.23/32
# The IP protocol to allow.
# Current allowed values are: TCP, UDP, ICMP, ALL.
protocol: "TCP"
# The port to allow the traffic to. Only applicable to TCP and UDP.
# Omit or enter 0 to allow any port.
port: 0
# Limit the amount of packets sent to this service per source IP. Runs over 1 minute.
# Enter to zero to disable ratelimiting.
ratelimit: 0
Ex config:
protocolshould be optional.