# skip boilerplate check
---
# start of document (---) avoids errors if the file only contains comments

# yaml-language-server: $schema=../../../schemas/firewall-rules.schema.json

ingress:
  ingress-icmp-allow:
    description: "Allow ICMP from anywhere."
    rules:
      - protocol: icmp
        ports: []
    priority: 1000
  ingress-ssh-from-iap-allow:
    description: "Allow SSH connections from IAP ranges."
    source_ranges:
      - 35.235.240.0/20
    rules:
      - protocol: tcp
        ports:
          - 22
    priority: 1001
  ingress-default-deny:
    description: "Deny and log any unmatched ingress traffic."
    deny: true
    priority: 65535
    enable_logging:
      include_metadata: false