headscale/hscontrol/policy/v2/testdata/acl_results/ACL-AR02.hujson

// ACL-AR02
//
// ACLs:
//   accept: src=['tag:client'] dst=['tag:server:22']
//   accept: src=['tag:client'] dst=['tag:server:80,443']
//   accept: src=['*'] dst=['tag:server:53'] proto=udp
//
// Expected: Rules on tagged-server
{
  "test_id": "ACL-AR02",
  "input": {
    "full_policy": {
      "groups": {
        "group:admins": [
          "kratail2tid@passkey"
        ],
        "group:developers": [
          "kristoffer@dalby.cc",
          "kratail2tid@passkey"
        ],
        "group:monitors": [
          "monitorpasskeykradalby@passkey"
        ],
        "group:empty": []
      },
      "tagOwners": {
        "tag:server": [
          "kratail2tid@passkey"
        ],
        "tag:prod": [
          "kratail2tid@passkey"
        ],
        "tag:client": [
          "kratail2tid@passkey"
        ],
        "tag:router": [
          "kratail2tid@passkey"
        ],
        "tag:exit": [
          "kratail2tid@passkey"
        ]
      },
      "hosts": {
        "webserver": "100.108.74.26",
        "prodbox": "100.103.8.15",
        "internal": "10.0.0.0/8",
        "subnet24": "192.168.1.0/24"
      },
      "autoApprovers": {
        "routes": {
          "10.33.0.0/16": [
            "tag:router"
          ],
          "0.0.0.0/0": [
            "tag:exit"
          ],
          "::/0": [
            "tag:exit"
          ]
        }
      },
      "acls": [
        {
          "action": "accept",
          "src": [
            "tag:client"
          ],
          "dst": [
            "tag:server:22"
          ]
        },
        {
          "action": "accept",
          "src": [
            "tag:client"
          ],
          "dst": [
            "tag:server:80,443"
          ]
        },
        {
          "action": "accept",
          "src": [
            "*"
          ],
          "proto": "udp",
          "dst": [
            "tag:server:53"
          ]
        }
      ]
    }
  },
  "captures": {
    "exit-node": {
      "packet_filter_rules": null
    },
    "subnet-router": {
      "packet_filter_rules": null
    },
    "tagged-client": {
      "packet_filter_rules": null
    },
    "tagged-prod": {
      "packet_filter_rules": null
    },
    "tagged-server": {
      "packet_filter_rules": [
        {
          "SrcIPs": [
            "100.83.200.69",
            "fd7a:115c:a1e0::c537:c845"
          ],
          "DstPorts": [
            {
              "IP": "100.108.74.26",
              "Ports": {
                "First": 22,
                "Last": 22
              }
            },
            {
              "IP": "fd7a:115c:a1e0::b901:4a87",
              "Ports": {
                "First": 22,
                "Last": 22
              }
            },
            {
              "IP": "100.108.74.26",
              "Ports": {
                "First": 80,
                "Last": 80
              }
            },
            {
              "IP": "100.108.74.26",
              "Ports": {
                "First": 443,
                "Last": 443
              }
            },
            {
              "IP": "fd7a:115c:a1e0::b901:4a87",
              "Ports": {
                "First": 80,
                "Last": 80
              }
            },
            {
              "IP": "fd7a:115c:a1e0::b901:4a87",
              "Ports": {
                "First": 443,
                "Last": 443
              }
            }
          ]
        },
        {
          "SrcIPs": [
            "10.33.0.0/16",
            "100.115.94.0-100.127.255.255",
            "100.64.0.0-100.115.91.255",
            "fd7a:115c:a1e0::/48"
          ],
          "DstPorts": [
            {
              "IP": "100.108.74.26",
              "Ports": {
                "First": 53,
                "Last": 53
              }
            },
            {
              "IP": "fd7a:115c:a1e0::b901:4a87",
              "Ports": {
                "First": 53,
                "Last": 53
              }
            }
          ],
          "IPProto": [
            17
          ]
        }
      ]
    },
    "user-kris": {
      "packet_filter_rules": null
    },
    "user-mon": {
      "packet_filter_rules": null
    },
    "user1": {
      "packet_filter_rules": null
    }
  }
}