| Commit | Line | Data |
|---|---|---|
| ec6b1100 | 1 | # Example VM firewall configuration |
| 41b6fef1 DM | 2 | |
| | 3 | [OPTIONS] # VM specific firewall options |
| | 4 | |
| | 5 | # disable/enable the whole thing |
| | 6 | enable: 1 |
| | 7 | |
| | 8 | # disable/enable MAC address filter |
| | 9 | macfilter: 0 |
| | 10 | |
| | 11 | # default policy |
| | 12 | policy-in: DROP |
| | 13 | policy-out: REJECT |
| | 14 | |
| | 15 | # filter SMURFS |
| | 16 | nosmurfs: 1 |
| | 17 | |
| | 18 | # filter illegal combinations of TCP flags |
| | 19 | tcpflags: 1 |
| | 20 | |
| | 21 | # enable DHCP |
| | 22 | dhcp: 1 |
| | 23 | |
| ec6b1100 | 24 | |
| ec6b1100 DM | 25 | [IN] |
| | 26 | |
| 41b6fef1 DM | 27 | #ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT |
| | 28 | |
| | 29 | SSH(ACCEPT) net0 |
| | 30 | SSH(ACCEPT) net0 # a comment |
| | 31 | SSH(ACCEPT) net0 192.168.2.192 # only allow SSH from 192.168.2.192 |
| | 32 | \|SSH(ACCEPT) net0 # disabled rule |
| ec6b1100 DM | 33 | |
| | 34 | [OUT] |
| | 35 | |
| | 36 | |
| | 37 | DNS(ACCEPT) net0 |
| | 38 | Ping(ACCEPT) net0 |
| | 39 | SSH(ACCEPT) |
| | 40 | |
| | 41 | |
| | 42 | |