Create datacenter.yaml

ankenyr · Aug 16, 2024 · f6170cf · f6170cf
1 parent 90d99bd
commit f6170cf
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/invariant/policies/datacenter.yaml b/invariant/policies/datacenter.yaml
@@ -0,0 +1,14 @@
+access-policy:
+  - name: datacenter-security-policy
+    comment: Access to the datacenter is controlled by this policy
+    owner: [email protected]
+    ingress-network: DATACENTER
+    rules:
+      - type: ingress-deny
+        comment: VLAN30 must not be able to reach DATACENTER through SSH
+        source-address: VLAN30
+        destination-port: SSH
+        protocol: tcp
+      - type: ingress-deny
+        comment: VLAN40 must not be able to reach DATACENTER at all.
+        source-address: VLAN40