X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=example%2F100.fw;h=6572fe3bd2e9c609f279d71322803a8ef4fb6d34;hb=b47ecc889a8db369a6324feebffabbe49d5516e6;hp=5068f0bdbe1c63c216d8148f04130d92556e2b91;hpb=178a63beb7976f52ca3491d351a1b3422f3b0cc3;p=pve-firewall.git
diff --git a/example/100.fw b/example/100.fw
index 5068f0b..6572fe3 100644
--- a/example/100.fw
+++ b/example/100.fw
@@ -1,6 +1,7 @@
 # Example VM firewall configuration
-[OPTIONS] # VM specific firewall options
+# VM specific firewall options
+[OPTIONS]
 # disable/enable the whole thing
 enable: 1
@@ -9,8 +10,8 @@ enable: 1
 macfilter: 0
 # default policy
-policy-in: DROP
-policy-out: REJECT
+policy_in: DROP
+policy_out: REJECT
 # log dropped incoming connection
 log_level_in: info
@@ -18,8 +19,8 @@ log_level_in: info
 # disable log for outgoing connections
 log_level_out: nolog
-# filter SMURFS
-nosmurfs: 1
+# disable SMURFS filter
+nosmurfs: 0
 # filter illegal combinations of TCP flags
 tcpflags: 1
@@ -27,22 +28,29 @@ tcpflags: 1
 # enable DHCP
 dhcp: 1
+# enable ips
+ips: 1
-[IN]
+# specify nfqueue queues (optionnal)
+#ips_queues: 0
+ips_queues: 0:3
-#ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT
-SSH(ACCEPT) net0
-SSH(ACCEPT) net0 # a comment
-SSH(ACCEPT) net0 192.168.2.192 # only allow SSH from 192.168.2.192
-|SSH(ACCEPT) net0 # disbaled rule
+[RULES]
-[OUT]
+#TYPE ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT
+IN SSH(ACCEPT) net0
+IN SSH(ACCEPT) net0 # a comment
+IN SSH(ACCEPT) net0 192.168.2.192 # only allow SSH from 192.168.2.192
+|IN SSH(ACCEPT) net0 # disabled rule
+# add a security group
+GROUP group1 net0
+
+OUT DNS(ACCEPT) net0
+OUT Ping(ACCEPT) net0
+OUT SSH(ACCEPT)
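Review bot: The example now ships with `nosmurfs: 0`, so anyone who copies this reference file as a starting point gets the SMURF filter switched off, whereas the old example had it on. If the purpose of the hunk is to document that the option can be disabled, keeping the safer value and saying so in the comment does that without weakening the template: `# filter SMURFS (set to 0 to disable)` followed by `nosmurfs: 1`.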
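Review bot: `ips: 1` together with `ips_queues: 0:3` is now active in the example, so a copied configuration hands matching traffic to nfqueue 0-3, and what happens to those packets when no userspace IPS process is bound to the queues is not stated anywhere in the file; a comment next to `ips_queues` saying that an IPS must be listening on these queues (and, if known, whether unhandled packets are dropped or passed) would avoid surprises. The comment on that line also has a typo: `# specify nfqueue queues (optional)`. `GROUP group1 net0` references a security group that this file does not define, presumably one from the cluster-wide configuration; a comment such as `# group1 must be defined in the cluster firewall configuration` (confirm the exact location) would make the example self-explanatory.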