| Commit | Line | Data |
|---|---|---|
| c4a2e5ae DM | 1 | [OPTIONS] |
| | 2 | |
| 51e57fee | 3 | # enable firewall (cluster wide setting, default is disabled) |
| c4a2e5ae DM | 4 | enable: 1 |
| | 5 | |
| 63324b09 DM | 6 | # default policy for host rules |
| | 7 | policy_in: DROP |
| | 8 | policy_out: ACCEPT |
| | 9 | |
| 92e1209b AD | 10 | [ALIASES] |
| | 11 | |
| | 12 | myserveralias 10.0.0.111 |
| | 13 | mynetworkalias 10.0.0.0/24 |
| | 14 | |
| c4a2e5ae DM | 15 | [RULES] |
| | 16 | |
| dba740a9 | 17 | IN SSH(ACCEPT) -i vmbr0 |
| c4a2e5ae | 18 | |
| 92e976b3 DM | 19 | [group group1] |
| | 20 | |
| dba740a9 DM | 21 | IN ACCEPT -p tcp -dport 22 |
| | 22 | OUT ACCEPT -p tcp -dport 80 |
| | 23 | OUT ACCEPT -p icmp |
| 92e976b3 DM | 24 | |
| | 25 | [group group3] |
| | 26 | |
| dba740a9 DM | 27 | IN ACCEPT -source 10.0.0.1 |
| | 28 | IN ACCEPT -source 10.0.0.1-10.0.0.10 |
| | 29 | IN ACCEPT -source 10.0.0.1,10.0.0.2,10.0.0.3 |
| | 30 | IN ACCEPT -source +mynetgroup |
| | 31 | IN ACCEPT -source myserveralias |
| 92e976b3 | 32 | |
| 34cdedfa | 33 | |
| 936af352 | 34 | [ipset myipset] |
| 34cdedfa | 35 | |
| 2a052ee3 AD | 36 | 192.168.0.1 #mycomment |
| | 37 | 172.16.0.10 |
| 34cdedfa | 38 | 192.168.0.0/24 |
| cbb5d6f3 | 39 | ! 10.0.0.0/8 #nomatch - needs kernel 3.7 or newer |
| 92e1209b | 40 | mynetworkalias |
| 88733a74 AD | 41 | |
| | 42 | #global ipset blacklist |
| | 43 | [ipset blacklist] |
| | 44 | |
| | 45 | 10.0.0.8 |
| 8b41cf53 | 46 | 192.168.0.0/24 |