From e4095690167b63cf7626e7f965d0cf0f165a238e Mon Sep 17 00:00:00 2001 From: Carlos Santos <125412989+CarlosSuporteISP@users.noreply.github.com> Date: Sat, 13 Sep 2025 00:48:02 -0300 Subject: [PATCH] Create sample_directives.yaml --- .samples/sample_directives.yaml | 159 ++++++++++++++++++++++++++++++++ 1 file changed, 159 insertions(+) create mode 100644 .samples/sample_directives.yaml diff --git a/.samples/sample_directives.yaml b/.samples/sample_directives.yaml new file mode 100644 index 0000000..73df019 --- /dev/null +++ b/.samples/sample_directives.yaml @@ -0,0 +1,159 @@ +Huawei_Traceroute: + name: Traceroute + rules: + # REGRA DENY RFC 6598 + - condition: '100.64.0.0/10' + ge: 10 + le: 32 + action: deny + # REGRA DENY RFC 1918 CLASSE A + - condition: '10.0.0.0/8' + ge: 8 + le: 32 + action: deny + # REGRA DENY RFC 1918 CLASSE B + - condition: '172.16.0.0/12' + ge: 12 + le: 32 + action: deny + # REGRA DENY RFC 1918 CLASSE C + - condition: '192.168.0.0/16' + ge: 16 + le: 32 + action: deny + # REGRA DENY LO + - condition: '127.0.0.0/8' + ge: 8 + le: 32 + action: deny + # REGRA DENY ASN PREFIXO + - condition: 'SEU_PREFIXO_IPv4_AGORA' + ge: 22 + le: 32 + action: deny + # REGRA DENY DEFAULT ROUTE + - condition: '0.0.0.0/8' + ge: 8 + le: 32 + action: deny + - condition: '0.0.0.0/0' + ge: 32 + le: 32 + action: permit + command: 'tracert -w 500 -q 1 -f 1 -a {source4} {target}' + # REGRA DENY SITE LOCAL DEPRECIADO RFC 3879 + - condition: 'fec0::/10' + ge: 10 + le: 128 + action: deny + # REGRA DENY ULA RFC 4193 + - condition: 'fc00::/7' + ge: 7 + le: 128 + action: deny + # REGRA DENY LINK LOCAL RFC 4291 + - condition: 'fe80::/10' + ge: 10 + le: 128 + action: deny + # REGRA DENY Unspecified RFC 4291 + - condition: '::/128' + ge: 128 + le: 128 + action: deny + # REGRA DENY LO RFC 4291 + - condition: '::1/128' + ge: 128 + le: 128 + action: deny + # REGRA DENY ASN PREFIXO + - condition: 'SEU_PREFIXO_IPv6_AGORA' + ge: 32 + le: 128 + action: deny + - condition: '::/0' + ge: 128 + le: 128 + action: permit + command: 'tracert ipv6 -w 500 -q 1 -f 1 -a {source6} {target}' + field: + description: IP Address, or Hostname +Huawei_Ping: + name: Ping + rules: + # REGRA DENY RFC 6598 + - condition: '100.64.0.0/10' + ge: 10 + le: 32 + action: deny + # REGRA DENY RFC 1918 CLASSE A + - condition: '10.0.0.0/8' + ge: 8 + le: 32 + action: deny + # REGRA DENY RFC 1918 CLASSE B + - condition: '172.16.0.0/12' + ge: 12 + le: 32 + action: deny + # REGRA DENY RFC 1918 CLASSE C + - condition: '192.168.0.0/16' + ge: 16 + le: 32 + action: deny + # REGRA DENY LO + - condition: '127.0.0.0/8' + ge: 8 + le: 32 + action: deny + # REGRA DENY ASN PREFIXO + - condition: 'SEU_PREFIXO_IPv4_AGORA' + ge: 22 + le: 32 + action: deny + # REGRA DENY DEFAULT ROUTE + - condition: '0.0.0.0/8' + ge: 8 + le: 32 + action: deny + - condition: '0.0.0.0/0' + ge: 32 + le: 32 + command: 'ping -t 500 -c 5 -a {source4} {target}' + # REGRA DENY SITE LOCAL DEPRECIADO RFC 3879 + - condition: 'fec0::/10' + ge: 10 + le: 128 + action: deny + # REGRA DENY ULA RFC 4193 + - condition: 'fc00::/7' + ge: 7 + le: 128 + action: deny + # REGRA DENY LINK LOCAL RFC 4291 + - condition: 'fe80::/10' + ge: 10 + le: 128 + action: deny + # REGRA DENY Unspecified RFC 4291 + - condition: '::/128' + ge: 128 + le: 128 + action: deny + # REGRA DENY LO RFC 4291 + - condition: '::1/128' + ge: 128 + le: 128 + action: deny + # REGRA DENY ASN PREFIXO + - condition: 'SEU_PREFIXO_IPv6_AGORA' + ge: 32 + le: 128 + action: deny + - condition: '::/0' + ge: 128 + le: 128 + action: permit + command: 'ping ipv6 -t 500 -c 5 -a {source6} {target}' + field: + description: IP Address, or Hostname