X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=debian%2Fexample%2F100.fw;h=3a08b075d0c55bda12de2ae458b36e0552e81ea0;hb=c5e8b0088f2f51897b8b22a587c091e4e5bf3251;hp=88690232785fe8c1bf66db54fd89001999439faa;hpb=d562837827f00527f755354e0ec6e29778f0dcc7;p=pve-firewall.git diff --git a/debian/example/100.fw b/debian/example/100.fw index 8869023..3a08b07 100644 --- a/debian/example/100.fw +++ b/debian/example/100.fw @@ -9,6 +9,9 @@ enable: 1 # disable/enable MAC address filter macfilter: 0 +# limit layer2 specific protocols +layer2_protocols: ARP,802_1Q,IPX,NetBEUI,PPP + # default policy policy_in: DROP policy_out: REJECT @@ -49,6 +52,8 @@ IN SSH(ACCEPT) -i net0 -source 10.0.0.1-10.0.0.10 #accept SSH for ip in range 10 IN SSH(ACCEPT) -i net0 -source 10.0.0.1,10.0.0.2,10.0.0.3 #accept ssh for 10.0.0.1 or 10.0.0.2 or 10.0.0.3 IN SSH(ACCEPT) -i net0 -source +mynetgroup #accept ssh for ipset mynetgroup IN SSH(ACCEPT) -i net0 -source myserveralias #accept ssh for alias myserveralias +IN SSH(ACCEPT) -i net0 -source FE80:0000:0000:0000:0202:B3FF:FE1E:8329 +IN ACCEPT -i net0 -p icmpv6 |IN SSH(ACCEPT) -i net0 # disabled rule
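Review bot: The new comment `# limit layer2 specific protocols` does not say whether the listed protocols are the only ones let through or the ones being filtered, so someone copying `layer2_protocols: ARP,802_1Q,IPX,NetBEUI,PPP` cannot tell what the example actually permits. If the option is an allow-list (the implementation is not visible in this diff), a comment such as `# allow only these layer2 protocols, all others are dropped` would make that explicit. Since example files tend to be copied verbatim, it may also be worth trimming the sample list to what a typical guest needs, rather than including legacy entries like IPX and NetBEUI.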
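Review bot: The added `IN ACCEPT -i net0 -p icmpv6` accepts every ICMPv6 type from any source, and neither new rule carries the trailing explanation that all neighbouring examples have. A comment along the lines of `#accept all ICMPv6 (needed for neighbor discovery; restrict by source where possible)` would tell readers why the rule is this broad before they copy it. The SSH rule could likewise get `#accept ssh for a single IPv6 address (link-local, only valid on the local segment)`, because an FE80:: source will not match traffic that arrives through a router. The trailing context of this hunk may continue beyond what is shown here.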