{
	"groups": {
		"group:admin": ["davide"],
		"group:family": ["davide", "dario"],
		"group:services": ["services"],
		"group:external": []
	},
	"tagOwners": {
		"tag:web": ["group:admin"],
		"tag:dns": ["group:admin"],
		"tag:exitnode": ["group:admin"],
		"tag:game": ["group:admin", "group:family"]
	},
	"acls": [
		// Family and admin should be able to access everything
		{
			"action": "accept",
			"src": ["group:admin", "group:family"],
			"dst": [
				"*:*"
			]
		},
		// External can access only hosted games
		{
			"action": "accept",
			"src": ["group:external"],
			"dst": [
				"tag:game:*"
			]
		},
		// Everyone should access DNS server (or we break their internet connection)
		{
			"action": "accept",
			"src": ["*"],
			"proto": "udp",
			"dst": [
				"tag:dns:53"
			]
		}
	]
}