configpolicy/group_vars/dch-gw/dch-network.yml

dch_networks:
  jazz:
    description: Legacy network
    vlan_id: 1
    ipv4_address: 172.31.0.0/27
    router_iface: vlan1
    dns_search:
    - pyrocufflink.jazz
    dns_servers:
    - fd99:8dc7:6528::10:1
    dns_servers_v4:
    - 172.30.0.4
    sla_id: 1
    ntp_servers:
    - tyrande.pyrocufflink.jazz

  mgmt:
    description: Management network
    vlan_id: 10
    router_iface: vlan30
    ipv4_address: 172.30.0.240/28

  blue:
    description: pyrocufflink.blue AD domain members only
    vlan_id: 30
    ipv4_address: 172.30.0.0/26
    ipv6_address: fd99:8cd7:6528:fe1e::/64
    router_iface: vlan30
    dns_search:
    - pyrocufflink.blue
    dns_servers:
    - fd99:8cd7:6528:fe1e::4:1
    dns_servers_v4:
    - 172.30.0.4
    sla_id: 30
    ntp_servers:
    - dc0.pyrocufflink.blue

  red:
    description: Non-domain member machines
    vlan_id: 101
    ipv4_address: 172.31.1.0/24
    router_iface: vlan101
    dns_servers_v4:
    - 172.30.0.4
    sla_id: 101
    ntp_servers:
    - tyrande.pyrocufflink.jazz

  guest:
    description: Guest Wi-Fi
    vlan_id: 100
    ipv4_address: 172.24.100.0/24
    router_iface: vlan100

  dmz:
    description: DMZ
    vlan_id: 254
    router_iface: vlan254


firemon_networks:
- 192.168.0.0/16
- 172.28.33.0/24


nat_port_forwards:
- protocol: tcp
  port: http
  destination: 172.30.0.6
- protocol: tcp
  port: https
  destination: 172.30.0.6
- protocol: tcp
  port: ssh
  destination: 172.31.0.5
- protocol: tcp
  port: rsync
  destination: 172.31.0.5
- protocol: udp
  port: 16881-16999
  destination: 172.31.0.5


allow_incoming:
- protocol: udp
  port: domain
- protocol: tcp
  port: domain
- protocol: udp
  port: bootps
- protocol: tcp
  port: ssh
- protocol: tcp
  port: 9876
- protocol: tcp
  port: 10050


allow_outgoing:
- protocol: udp
  port: ntp
- protocol: udp
  port: dhcpv6-server
- protocol: udp
  port: bootps
- protocol: udp
  port: bootpc
- protocol: tcp
  port: https
- protocol: tcp
  port: http
- protocol: udp
  port: domain
- protocol: tcp
  port: domain
- protocol: udp
  port: ntp
- protocol: tcp
  port: 10051

trace_dropped: true