forked from extern/docker
51 lines
1.8 KiB
XML
51 lines
1.8 KiB
XML
<configuration name="acl.conf" description="Network Lists">
|
|
<network-lists>
|
|
<!--
|
|
These ACL's are automatically created on startup.
|
|
|
|
rfc1918.auto - RFC1918 Space
|
|
nat.auto - RFC1918 Excluding your local lan.
|
|
localnet.auto - ACL for your local lan.
|
|
loopback.auto - ACL for your local lan.
|
|
-->
|
|
|
|
<list name="lan" default="allow">
|
|
<node type="allow" cidr="127.0.0.1/32"/>
|
|
<node type="allow" cidr="10.130.218.147/32"/>
|
|
<node type="allow" cidr="10.0.0.0/8"/>
|
|
<node type="allow" cidr="192.168.0.0/16"/>
|
|
</list>
|
|
|
|
<!--
|
|
custom "loopback" so that traffic from docker
|
|
containers is also considered as local
|
|
-->
|
|
<list name="loopback.custom" default="deny">
|
|
<node type="allow" cidr="127.0.0.1/32"/>
|
|
<node type="allow" cidr="10.0.0.0/8"/>
|
|
<node type="allow" cidr="192.168.0.0/16"/>
|
|
<node type="allow" cidr="$${external_ip_v4}/32"/>
|
|
</list>
|
|
|
|
<list name="deny_private_v6" default="allow">
|
|
<node type="deny" cidr="0.0.0.0/0"/>
|
|
<node type="deny" cidr="fe80::/10"/>
|
|
<node type="deny" cidr="fc00::/7"/>
|
|
</list>
|
|
<!--
|
|
This will traverse the directory adding all users
|
|
with the cidr= tag to this ACL, when this ACL matches
|
|
the users variables and params apply as if they
|
|
digest authenticated.
|
|
-->
|
|
<list name="domains" default="allow">
|
|
<!-- domain= is special it scans the domain from the directory to build the ACL -->
|
|
<node type="allow" domain="$${domain}"/>
|
|
<node type="allow" domain="10.0.0.0/8"/>
|
|
<!-- use cidr= if you wish to allow ip ranges to this domains acl. -->
|
|
<!-- <node type="allow" cidr="192.168.0.0/24"/> -->
|
|
</list>
|
|
|
|
</network-lists>
|
|
</configuration>
|