Access Control

42 rules active·1 draft pending·Last deployed 3h ago by arjun.kapoor

RuleSourceDestinationProto / PortsActionOn
10Allow all prod-to-prod
148,320 hits
tag:prod
tag:prod
any
ALLOW
20Allow devs to staging
34,210 hits
tag:devtag:user-device
tag:staging
tcp22,80,443,8080
ALLOW
30Allow k8s internal
892,441 hits
tag:k8s
tag:k8s
any
ALLOW
40Deny dev to prod DB
7 hits
tag:devtag:user-device
tag:database
tcp5432,3306,27017
DENY
50Allow monitoring scrape
214,000 hits
tag:monitoring
tag:prodtag:staging
tcp9090,9100,9187
ALLOW
60Allow SSH from admins
4,820 hits
group:admins
*
tcp22
ALLOW
70Allow analytics read-only
98,120 hits
tag:analytics
tag:database
tcp5432
ALLOW
80Block CI from prod
0 hits
tag:ci
tag:prod
any
DENY
90Allow exit node traffic
2,184,900 hits
*
tag:exit-node
any
ALLOW
100Allow ICMP everywhere
441,200 hits
*
*
icmp
ALLOW
110Deny user-devices to k8s API
0 hits
tag:user-device
tag:k8s
tcp6443
DENY
120Draft: Allow new analytics cluster
0 hits
tag:analytics
tag:prod
tcp9200,9300
ALLOW
12 of 12 rules8 allow · 3 deny
Edit Rule#rule-001

A descriptive name for this rule

Tags, groups, or CIDRs. Comma-separated.

Tags, groups, CIDRs, or * for all.

Comma-separated port numbers or ranges. Use * for all.

Rule enabled

Disabled rules are stored but not enforced

Metadata

Priority10
Created byarjun.kapoor
Last updated2026-05-20
Hit count (24h)148,320