kvmhost02: update policy

itguru.at.fwb

@@ -2450,7 +2450,7 @@
           <Option name="verify_interfaces">True</Option>
         </FirewallOptions>
       </Firewall>
-      <Firewall id="id8899X28426" host_OS="linux24" inactive="False" lastCompiled="1576154382" lastInstalled="1576154396" lastModified="1576154372" platform="iptables" version="" name="kvmhost02" comment="" ro="False">
+      <Firewall id="id8899X28426" host_OS="linux24" inactive="False" lastCompiled="1576154828" lastInstalled="1576154947" lastModified="1576154820" platform="iptables" version="" name="kvmhost02" comment="" ro="False">
         <NAT id="id13393X65696" name="NAT" comment="" ro="False" ipv4_rule_set="True" ipv6_rule_set="False" top_rule_set="True">
           <NATRule id="id13395X65696" disabled="False" group="outgoing NAT" position="0" action="Translate" comment="NAT all outgoing mail traffic to mail IP">
             <OSrc neg="False">
@@ -3369,7 +3369,31 @@
               <Option name="stateless">False</Option>
             </PolicyRuleOptions>
           </PolicyRule>
-          <PolicyRule id="id12867X6099" disabled="False" group="VMs" log="True" position="15" action="Accept" direction="Both" comment="allow gogs https">
+          <PolicyRule id="id22122X6772" disabled="False" group="VMs" log="True" position="15" action="Accept" direction="Both" comment="web02 allow unifi ports">
+            <Src neg="False">
+              <ObjectRef ref="sysid0"/>
+            </Src>
+            <Dst neg="False">
+              <ObjectRef ref="id4099X50770"/>
+            </Dst>
+            <Srv neg="False">
+              <ServiceRef ref="id3457X7296"/>
+              <ServiceRef ref="id11374X28426"/>
+              <ServiceRef ref="id9663X31933"/>
+              <ServiceRef ref="id9676X35429"/>
+            </Srv>
+            <Itf neg="False">
+              <ObjectRef ref="sysid0"/>
+            </Itf>
+            <When neg="False">
+              <IntervalRef ref="sysid2"/>
+            </When>
+            <PolicyRuleOptions>
+              <Option name="color">#C0BA44</Option>
+              <Option name="stateless">False</Option>
+            </PolicyRuleOptions>
+          </PolicyRule>
+          <PolicyRule id="id12867X6099" disabled="False" group="VMs" log="True" position="16" action="Accept" direction="Both" comment="allow gogs https">
             <Src neg="False">
               <ObjectRef ref="id9692X36891"/>
             </Src>
@@ -3390,7 +3414,7 @@
               <Option name="stateless">False</Option>
             </PolicyRuleOptions>
           </PolicyRule>
-          <PolicyRule id="id12109X65696" disabled="False" group="VMs" log="True" position="16" action="Accept" direction="Both" comment="">
+          <PolicyRule id="id12109X65696" disabled="False" group="VMs" log="True" position="17" action="Accept" direction="Both" comment="">
             <Src neg="False">
               <ObjectRef ref="id8526X5690"/>
             </Src>
@@ -3410,7 +3434,7 @@
               <Option name="color">#7694C0</Option>
             </PolicyRuleOptions>
           </PolicyRule>
-          <PolicyRule id="id12166X65696" disabled="False" group="VMs" log="True" position="17" action="Accept" direction="Both" comment="all web (app) servers are allowed to access the database.">
+          <PolicyRule id="id12166X65696" disabled="False" group="VMs" log="True" position="18" action="Accept" direction="Both" comment="all web (app) servers are allowed to access the database.">
             <Src neg="False">
               <ObjectRef ref="id13113X65696"/>
             </Src>
@@ -3430,7 +3454,7 @@
               <Option name="color">#7694C0</Option>
             </PolicyRuleOptions>
           </PolicyRule>
-          <PolicyRule id="id12224X65696" disabled="False" group="VMs" log="True" position="18" action="Accept" direction="Both" comment="">
+          <PolicyRule id="id12224X65696" disabled="False" group="VMs" log="True" position="19" action="Accept" direction="Both" comment="">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
             </Src>
@@ -3452,7 +3476,7 @@
               <Option name="stateless">False</Option>
             </PolicyRuleOptions>
           </PolicyRule>
-          <PolicyRule id="id9651X28426" disabled="False" group="VMs" log="True" position="19" action="Accept" direction="Both" comment="allow access to all VMs from Wireguard Network">
+          <PolicyRule id="id9651X28426" disabled="False" group="VMs" log="True" position="20" action="Accept" direction="Both" comment="allow access to all VMs from Wireguard Network">
             <Src neg="False">
               <ObjectRef ref="id11552X65696"/>
             </Src>
@@ -3473,7 +3497,7 @@
               <Option name="stateless">False</Option>
             </PolicyRuleOptions>
           </PolicyRule>
-          <PolicyRule id="id12762X6099" disabled="False" group="VMs" log="True" position="20" action="Accept" direction="Both" comment="setup icmp ping">
+          <PolicyRule id="id12762X6099" disabled="False" group="VMs" log="True" position="21" action="Accept" direction="Both" comment="setup icmp ping">
             <Src neg="False">
               <ObjectRef ref="id11343X65696"/>
             </Src>
@@ -3496,7 +3520,7 @@
               <Option name="stateless">False</Option>
             </PolicyRuleOptions>
           </PolicyRule>
-          <PolicyRule id="id21845X6772" disabled="False" group="VMs" log="True" position="21" action="Accept" direction="Both" comment="allow all connections to old network">
+          <PolicyRule id="id21845X6772" disabled="False" group="VMs" log="True" position="22" action="Accept" direction="Both" comment="allow all connections to old network">
             <Src neg="False">
               <ObjectRef ref="id11343X65696"/>
             </Src>
@@ -3517,7 +3541,7 @@
               <Option name="stateless">False</Option>
             </PolicyRuleOptions>
           </PolicyRule>
-          <PolicyRule id="id9538X28426" disabled="False" group="outgoing traffic" log="True" position="22" action="Accept" direction="Outbound" comment="From the internal Network all connections are allowe the external networks.">
+          <PolicyRule id="id9538X28426" disabled="False" group="outgoing traffic" log="True" position="23" action="Accept" direction="Outbound" comment="From the internal Network all connections are allowe the external networks.">
             <Src neg="False">
               <ObjectRef ref="id11343X65696"/>
             </Src>
@@ -3538,7 +3562,7 @@
               <Option name="stateless">False</Option>
             </PolicyRuleOptions>
           </PolicyRule>
-          <PolicyRule id="id12677X6099" disabled="False" group="outgoing traffic" log="True" position="23" action="Accept" direction="Both" comment="From ipv6 Network">
+          <PolicyRule id="id12677X6099" disabled="False" group="outgoing traffic" log="True" position="24" action="Accept" direction="Both" comment="From ipv6 Network">
             <Src neg="False">
               <ObjectRef ref="id11367X65696"/>
             </Src>
@@ -3559,7 +3583,7 @@
               <Option name="stateless">False</Option>
             </PolicyRuleOptions>
           </PolicyRule>
-          <PolicyRule id="id11010X28426" disabled="False" group="" log="True" position="24" action="Deny" direction="Both" comment="">
+          <PolicyRule id="id11010X28426" disabled="False" group="" log="True" position="25" action="Deny" direction="Both" comment="">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
             </Src>