Reference well-known networks and services in Invariant

Invariant includes built-in definitions for common IP networks (like RFC1918) and IANA well-known services (like HTTP, SSH) for convenience.

A reference list of built-in names and sources is available here: https://github.com/InvariantTech/built-ins


Use the built-in names directly in your policy files (e.g., invariant/policies/my_policy.yaml) or definition files (def/networks.yaml, def/services.yaml):

access-policy:
  - name: deny-ssh-from-internet-to-private
    comment: Deny SSH from the internet to private IP space
    ingress-network: RFC1918 # Built-in network name
    rules:
      - type: ingress-deny
        comment: Block external SSH attempts
        destination-port: SSH # Built-in service name
        protocol: tcp

Override

User-defined networks or services with the same name in your def/ directory will override the built-in definitions.

networks:
  RFC1918: # You may quietly override built-in values
    - 10.0.0.0/8
    - 172.16.0.0/12
    - 192.168.0.0/16
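
Because an override replaces the built-in without any notice, a policy that names RFC1918 can end up matching a different address space than a reviewer expects. The following check is an added example, not part of Invariant or its documentation: it compares an already-parsed networks mapping against a local snapshot of built-in names and reports whether each override is identical, narrowed, widened or diverged. The BUILTIN_NETWORKS table, the function names and the sample data are assumptions made for illustration.

```python
import ipaddress

# Assumption: a local snapshot of the built-in network names. Only RFC1918 is
# named on the page; its values here are the RFC 1918 private ranges.
BUILTIN_NETWORKS = {
    "RFC1918": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
}

def _nets(cidrs):
    """Parse CIDR strings and merge adjacent/overlapping blocks per IP version."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    merged = []
    for version in (4, 6):
        merged += ipaddress.collapse_addresses(n for n in nets if n.version == version)
    return merged

def _covered(inner, outer):
    """True when every block in `inner` lies inside some block in `outer`."""
    return all(
        any(i.version == o.version and i.subnet_of(o) for o in outer)
        for i in inner
    )

def audit_overrides(user_networks, builtins=BUILTIN_NETWORKS):
    """Map each user-defined name that shadows a built-in to a verdict."""
    findings = {}
    for name, cidrs in user_networks.items():
        if name not in builtins:
            continue  # a new name, not an override
        user, base = _nets(cidrs), _nets(builtins[name])
        if user == base:
            findings[name] = "identical"
        elif _covered(user, base):
            findings[name] = "narrowed"   # some built-in ranges no longer match
        elif _covered(base, user):
            findings[name] = "widened"    # extra ranges now match
        else:
            findings[name] = "diverged"
    return findings

if __name__ == "__main__":
    # Constructed sample: the `networks:` mapping of a def/networks.yaml, already parsed.
    sample = {
        "RFC1918": ["10.0.0.0/8"],          # drops 172.16.0.0/12 and 192.168.0.0/16
        "office-vpn": ["198.51.100.0/24"],  # hypothetical name, not a built-in
    }
    for name, verdict in audit_overrides(sample).items():
        print(f"{name}: overrides built-in ({verdict})")
```

Anything other than "identical" is worth a review comment before the definition file is merged, since every policy that references the name inherits the changed scope.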

See Docs > Access Policy for more details on writing rules.