3 # enable firewall (cluster wide setting, default is disabled)
6 # default policy for host rules
12 myserveralias 10.0.0.111
13 mynetworkalias 10.0.0.0/24
21 IN ACCEPT - - tcp 22 -
22 OUT ACCEPT - - tcp 80 -
23 OUT ACCEPT - - icmp - -
28 IN ACCEPT 10.0.0.1-10.0.0.10
29 IN ACCEPT 10.0.0.1,10.0.0.2,10.0.0.3
31 IN ACCEPT myserveralias
36 192.168.0.1 #mycomment
39 ! 10.0.0.0/8 #nomatch - needs kernel 3.7 or newer
42 #global ipset blacklist