| Commit | Line | Data |
|---|---|---|
| c4a2e5ae DM | 1 | [OPTIONS] |
| | 2 | |
| 51e57fee | 3 | # enable firewall (cluster wide setting, default is disabled) |
| c4a2e5ae DM | 4 | enable: 1 |
| | 5 | |
| 63324b09 DM | 6 | # default policy for host rules |
| | 7 | policy_in: DROP |
| | 8 | policy_out: ACCEPT |
| | 9 | |
| 92e1209b AD | 10 | [ALIASES] |
| | 11 | |
| | 12 | myserveralias 10.0.0.111 |
| | 13 | mynetworkalias 10.0.0.0/24 |
| | 14 | |
| c4a2e5ae DM | 15 | [RULES] |
| | 16 | |
| | 17 | IN SSH(ACCEPT) vmbr0 |
| | 18 | |
| 92e976b3 DM | 19 | [group group1] |
| | 20 | |
| | 21 | IN ACCEPT - - tcp 22 - |
| | 22 | OUT ACCEPT - - tcp 80 - |
| | 23 | OUT ACCEPT - - icmp - - |
| | 24 | |
| | 25 | [group group3] |
| | 26 | |
| | 27 | IN ACCEPT 10.0.0.1 |
| ba791b1f AD | 28 | IN ACCEPT 10.0.0.1-10.0.0.10 |
| | 29 | IN ACCEPT 10.0.0.1,10.0.0.2,10.0.0.3 |
| | 30 | IN ACCEPT +mynetgroup |
| 92e1209b | 31 | IN ACCEPT myserveralias |
| 92e976b3 | 32 | |
| 34cdedfa | 33 | |
| 936af352 | 34 | [ipset myipset] |
| 34cdedfa | 35 | |
| 2a052ee3 AD | 36 | 192.168.0.1 #mycomment |
| | 37 | 172.16.0.10 |
| 34cdedfa | 38 | 192.168.0.0/24 |
| cbb5d6f3 | 39 | ! 10.0.0.0/8 #nomatch - needs kernel 3.7 or newer |
| 92e1209b | 40 | mynetworkalias |
| 88733a74 AD | 41 | |
| | 42 | #global ipset blacklist |
| | 43 | [ipset blacklist] |
| | 44 | |
| | 45 | 10.0.0.8 |
| 8b41cf53 | 46 | 192.168.0.0/24 |