# skip boilerplate check

allow-admins:
  description: Access from the admin subnet to all subnets
  priority: 1000
  match:
    source_ranges:
      - rfc1918

allow-healthchecks:
  description: Enable HTTP and HTTPS healthchecks
  priority: 1001
  match:
    source_ranges:
      - healthchecks
  layer4_configs:
  - protocol: tcp
    ports: ["80", "443"]

allow-ssh-from-iap:
  description: Enable SSH from IAP
  priority: 1002
  match:
    source_ranges:
      - 35.235.240.0/20
  layer4_configs:
  - protocol: tcp
    ports: ["22"]

allow-icmp:
  description: Enable ICMP
  priority: 1003
  match:
    source_ranges:
      - 0.0.0.0/0
  layer4_configs:
  - protocol: icmp