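---
# Shared firewall topology — single source of truth for the host nftables layer
# (base role) and OPNsense (future). See docs/decisions/020-firewall.md.

# Zone → subnet (from ADR-007).
# Each zone maps to one IPv4 /24 in 10.0.0.0/8; the five ranges do not overlap.
# NOTE(review): how consumers turn these values into rules is not shown in this
# file; presumably they are templated as-is, so a typo here changes what every
# consumer allows. Confirm the consumers validate each value as a CIDR.
firewall_zones:
  mgmt: 10.10.0.0/24
  srv: 10.20.0.0/24
  lan: 10.30.0.0/24
  iot: 10.40.0.0/24
  guest: 10.50.0.0/24

# Service catalog: <name> → placement (host | group | hosts) + ingress[].
# Empty until services are built; hosts still get default-deny + the management plane.
# Written as an explicit empty mapping ({}) rather than a bare key, so it loads
# as a mapping with no entries instead of null.
# NOTE(review): the entry schema is not defined in this file. Each entry added
# presumably opens ingress on the placed hosts, so treat additions as firewall
# changes and check them against docs/decisions/020-firewall.md.
firewall_catalog: {}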