1 # Example VM firewall configuration
3 # VM specific firewall options
6 # disable/enable the whole thing
9 # disable/enable MAC address filter
12 # limit layer2 specific protocols
13 layer2_protocols: ARP,802_1Q,IPX,NetBEUI,PPP
19 # log dropped incoming connection
22 # disable log for outgoing connections
31 # specify nfqueue queues (optionnal)
35 [IPSET ipfilter-net0] # only allow specified IPs on net0
40 #TYPE ACTION [OPTIONS]
45 # -dport <DESTINATION_PORT>
46 # -sport <SOURCE_PORT>
48 IN SSH(ACCEPT) -i net0
49 IN SSH(ACCEPT) -i net0 # a comment
50 IN SSH(ACCEPT) -i net0 -source 192.168.2.192 # only allow SSH from 192.168.2.192
51 IN SSH(ACCEPT) -i net0 -source 10.0.0.1-10.0.0.10 #accept SSH for ip in range 10.0.0.1 to 10.0.0.10
52 IN SSH(ACCEPT) -i net0 -source 10.0.0.1,10.0.0.2,10.0.0.3 #accept ssh for 10.0.0.1 or 10.0.0.2 or 10.0.0.3
53 IN SSH(ACCEPT) -i net0 -source +mynetgroup #accept ssh for ipset mynetgroup
54 IN SSH(ACCEPT) -i net0 -source myserveralias #accept ssh for alias myserveralias
55 IN SSH(ACCEPT) -i net0 -source FE80:0000:0000:0000:0202:B3FF:FE1E:8329
56 IN ACCEPT -i net0 -p icmpv6
58 |IN SSH(ACCEPT) -i net0 # disabled rule
60 # add a security group
63 OUT DNS(ACCEPT) -i net0
64 OUT Ping(ACCEPT) -i net0