firewall:
  defaults:
    all:
      statement: accept
      matches: ~
    input: {}
    forward: {}
    output: {}
  chains:
    input:
      allow_ssh: tcp dport ssh
    output: {}
    forward: {}
  policies:
    input: drop
    output: accept
    forward: drop
  vars: {}