{ "props": { "id": { "default": null, "oneOf": [ { "type": "null" }, { "type": "integer", "minimum": 0 } ] }, "port": { "type": "integer", "minimum": 1, "maximum": 65535 }, "proto": { "description": "Protocol number as per IANA assignments,\nsee https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml", "type": "integer", "minimum": 1, "maximum": 254 }, "upstreamSni": { "description": "SNI name to use in upstream SSL handshake", "type": "string", "maxLength": 255, "allOf": [ { "pattern": "^[0-9a-zA-z._-]*$" }, { "not": { "pattern": "(?:^[_.-]|[_.-]$)" } }, { "not": { "pattern": "(?:[_-]\\.|\\.[_-])" } }, { "not": { "pattern": "\\.\\." } }, { "not": { "pattern": "[^.]{64,}\\." } }, { "not": { "pattern": "\\.[^.]{64,}" } } ] } }, "services": { "icmp": { "type": "object", "required": [ "type" ], "additionalProperties": false, "properties": { "id": { "$ref": "#/props/id" }, "type": { "type": "string", "enum": [ "icmp" ] }, "defaultDrop": { "description": "If true, only whitelisted IPs can access the service", "type": "boolean", "default": false }, "rateLimit": { "description": "Maximum packet rate per second per IP address (bps)", "type": "integer", "minimum": 8000, "maximum": 1000000000000, "multipleOf": 8000, "default": 8000000 } } }, "dns": { "type": "object", "required": [ "type", "port" ], "additionalProperties": false, "properties": { "id": { "$ref": "#/props/id" }, "type": { "type": "string", "enum": [ "dns" ] }, "port": { "$ref": "#/props/port" }, "defaultDrop": { "description": "If true, only whitelisted IPs can access the service", "type": "boolean", "default": false } } }, "http": { "type": "object", "required": [ "type", "port", "upstream" ], "additionalProperties": false, "properties": { "id": { "$ref": "#/props/id" }, "type": { "type": "string", "enum": [ "http" ] }, "port": { "$ref": "#/props/port" }, "ssl": { "description": "If true, TLS is enabled for this service", "type": "boolean", "default": false }, "http2": { "description": "If true, HTTP/2 is enabled for this service", "type": "boolean", "default": false }, "defaultDrop": { "description": "If true, only whitelisted IPs can access the service", "type": "boolean", "default": false }, "upstream": { "type": "object", "required": [ "ssl" ], "properties": { "ssl": { "description": "If true, TLS-connection to upstream is enabled for this service", "type": "boolean", "default": false }, "sniName": { "description": "Name to use for SNI in upstream SSL handshake,\nignored if upstream.ssl is false", "oneOf": [ { "type": "null" }, { "$ref": "#/props/upstreamSni" } ], "default": null }, "sniNameOverride": { "description": "Forces the use of sniName as the HOST header in upstream request,\nignored if upstream.ssl is false or sniName is null", "type": "boolean", "default": false } } } } }, "natTcp": { "type": "object", "required": [ "type", "port", "proto" ], "additionalProperties": false, "properties": { "id": { "$ref": "#/props/id" }, "type": { "type": "string", "enum": [ "nat" ] }, "proto": { "type": "string", "enum": [ "tcp" ] }, "port": { "$ref": "#/props/port" }, "defaultDrop": { "description": "If true, only whitelisted IPs can access the service", "type": "boolean", "default": false } } }, "natUdp": { "type": "object", "required": [ "type", "port", "proto" ], "additionalProperties": false, "properties": { "id": { "$ref": "#/props/id" }, "type": { "type": "string", "enum": [ "nat" ] }, "proto": { "type": "string", "enum": [ "udp" ] }, "port": { "$ref": "#/props/port" }, "rateLimit": { "description": "Maximum packet rate per second per IP address (bps)", "type": "integer", "minimum": 8000, "maximum": 1000000000000, "multipleOf": 8000, "default": 8000000 }, "dropAmp": { "description": "If true, amplified packets are dropped", "type": "boolean", "default": false }, "defaultDrop": { "description": "If true, only whitelisted IPs can access the service", "type": "boolean", "default": false } } }, "nat": { "oneOf": [ { "$ref": "#/services/natTcp" }, { "$ref": "#/services/natUdp" } ] }, "anyIngressEgress": { "type": "object", "required": [ "type" ], "additionalProperties": false, "properties": { "id": { "$ref": "#/props/id" }, "type": { "type": "string", "enum": [ "any-ingress-egress" ] }, "rateLimit": { "description": "Maximum packet rate per second per IP address (bps)", "type": "integer", "minimum": 8000, "maximum": 1000000000000, "multipleOf": 8000, "default": 8000000 }, "dropAmp": { "description": "If true, amplified packets are dropped", "type": "boolean", "default": false }, "defaultDrop": { "description": "If true, only whitelisted IPs can access the service", "type": "boolean", "default": false } } }, "protoIngressEgress": { "type": "object", "required": [ "type", "proto" ], "additionalProperties": false, "properties": { "id": { "$ref": "#/props/id" }, "type": { "type": "string", "enum": [ "proto-ingress-egress" ] }, "proto": { "$ref": "#/props/proto" }, "rateLimit": { "description": "Maximum packet rate per second per IP address (bps)", "type": "integer", "minimum": 8000, "maximum": 1000000000000, "multipleOf": 8000, "default": 8000000 }, "dropAmp": { "description": "If true, amplified packets are dropped", "type": "boolean", "default": false }, "defaultDrop": { "description": "If true, only whitelisted IPs can access the service", "type": "boolean", "default": false } } }, "tcpIngressEgress": { "type": "object", "required": [ "type" ], "additionalProperties": false, "properties": { "id": { "$ref": "#/props/id" }, "type": { "type": "string", "enum": [ "tcp-ingress-egress" ] }, "defaultDrop": { "description": "If true, only whitelisted IPs can access the service", "type": "boolean", "default": false } } }, "tcpEgress": { "type": "object", "required": [ "type" ], "additionalProperties": false, "properties": { "id": { "$ref": "#/props/id" }, "type": { "type": "string", "enum": [ "tcp-egress" ] }, "defaultDrop": { "description": "If true, only whitelisted IPs can access the service", "type": "boolean", "default": false } } }, "fragIngressEgress": { "type": "object", "required": [ "type" ], "additionalProperties": false, "properties": { "id": { "$ref": "#/props/id" }, "type": { "type": "string", "enum": [ "frag-ingress-egress" ] }, "defaultDrop": { "description": "If true, only whitelisted IPs can access the service", "type": "boolean", "default": false }, "rateLimit": { "description": "Maximum packet rate per second per IP address (bps)", "type": "integer", "minimum": 8000, "maximum": 1000000000000, "multipleOf": 8000, "default": 8000000 } } } }, "type": "array", "minItems": 0, "maxItems": 150, "items": { "oneOf": [ { "$ref": "#/services/dns" }, { "$ref": "#/services/http" }, { "$ref": "#/services/icmp" }, { "$ref": "#/services/nat" }, { "$ref": "#/services/anyIngressEgress" }, { "$ref": "#/services/protoIngressEgress" }, { "$ref": "#/services/tcpIngressEgress" }, { "$ref": "#/services/tcpEgress" }, { "$ref": "#/services/fragIngressEgress" } ] } }