docs(capabilities): note two-layer firewall model (ADR-020)
parent
a9287427e3
commit
2ad50e4d5b
1 changed files with 4 additions and 0 deletions
@ -31,6 +31,10 @@ decisions this frame enables.
|
|||
|
||||
_(DHCP, firewall, mDNS reflection live on OPNsense — Ansible-managed, not containers.)_
|
||||
|
||||
_Firewalling is two-layer (ADR-020): OPNsense at the perimeter + inter-VLAN, plus
|
||||
per-host `nftables` (default-deny inbound + east-west allowlist) rendered by the `base`
|
||||
role from a shared `group_vars` service catalog. Both layers are still to be built._
|
||||
|
||||
## 2. Identity & access — [P]
|
||||
|
||||
| Capability | Candidate service(s) | Tier | Commitment | What it does | Notes / open |
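Review bot: The closing sentence of the added note, "Both layers are still to be built", conflicts with the unchanged line just above it, which says DHCP, firewall and mDNS reflection "live on OPNsense" in the present tense, so a reader cannot tell whether the perimeter layer exists today. Give the status of each layer separately, or reword the earlier line to match. The added note also specifies only "default-deny inbound" for the per-host `nftables` layer; say whether outbound traffic is left open by design or is covered by the east-west allowlist. Linking ADR-020 would make the two-layer claim checkable from this document, and wrapping the note in parentheses like the existing `_(…)_` line would keep the two notes consistent.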