From f6170cf8f4c63f3582987563f0c43a47fe6f1881 Mon Sep 17 00:00:00 2001
From: Rob Ankeny
Date: Fri, 16 Aug 2024 12:26:41 -0700
Subject: [PATCH] Create datacenter.yaml
---
invariant/policies/datacenter.yaml | 14 ++++++++++++++
1 file changed, 14 insertions(+)
create mode 100644 invariant/policies/datacenter.yaml
diff --git a/invariant/policies/datacenter.yaml b/invariant/policies/datacenter.yaml
new file mode 100644
index 0000000..2dd63e8
--- /dev/null
+++ b/invariant/policies/datacenter.yaml
@@ -0,0 +1,14 @@
+access-policy:
+ - name: datacenter-security-policy
+ comment: Access to the datacenter is controlled by this policy
+ owner: neteng@company.com
+ ingress-network: DATACENTER
+ rules:
+ - type: ingress-deny
+ comment: VLAN30 must not be able to reach DATACENTER through SSH
+ source-address: VLAN30
+ destination-port: SSH
+ protocol: tcp
+ - type: ingress-deny
+ comment: VLAN40 must not be able to reach DATACENTER at all.
+ source-address: VLAN40
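Review bot: The two `ingress-deny` rules only assert a denylist (VLAN30 over SSH/tcp, VLAN40 entirely), so every other source network, and every other port from VLAN30, is left unchecked by a policy whose top-level comment says it controls access to the datacenter. If the policy engine offers a catch-all deny rule for sources not explicitly permitted, adding one after the intended allow rules would turn this into a default-deny assertion that also catches newly added networks. `DATACENTER`, `VLAN30`, `VLAN40` and `SSH` are not defined in this commit, so confirm they resolve to existing definitions; a name that is unresolved or matches an empty set could make a deny check pass vacuously. The first rule's comment would also benefit from recording the intent behind the narrow scope, e.g. `comment: VLAN30 must not reach DATACENTER over SSH (tcp); other ports are intentionally out of scope because <reason>`.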