[pve-firewall.git] / example / 100.fw

# Example VM firewall configuration

[OPTIONS] # VM specific firewall options

# disable/enable the whole thing
enable: 1 

# disable/enable MAC address filter
macfilter: 0

# default policy
policy-in: DROP
policy-out: REJECT

# filter SMURFS
nosmurfs: 1

# filter illegal combinations of TCP flags
tcpflags: 1

# enable DHCP
dhcp: 1


[IN]

#ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT

SSH(ACCEPT) net0
SSH(ACCEPT) net0 # a comment
SSH(ACCEPT) net0 192.168.2.192  # only allow SSH from  192.168.2.192
|SSH(ACCEPT) net0 # disbaled rule

[OUT]


DNS(ACCEPT) net0
Ping(ACCEPT) net0
SSH(ACCEPT)
Commit	Line	Data
ec6b1100	1	# Example VM firewall configuration
41b6fef1 DM	2
	3	[OPTIONS] # VM specific firewall options
	4
	5	# disable/enable the whole thing
	6	enable: 1
	7
	8	# disable/enable MAC address filter
	9	macfilter: 0
	10
	11	# default policy
	12	policy-in: DROP
	13	policy-out: REJECT
	14
	15	# filter SMURFS
	16	nosmurfs: 1
	17
	18	# filter illegal combinations of TCP flags
	19	tcpflags: 1
	20
	21	# enable DHCP
	22	dhcp: 1
	23
ec6b1100	24
ec6b1100 DM	25	[IN]
ec6b1100 DM	26
41b6fef1 DM	27	#ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT
	28
	29	SSH(ACCEPT) net0
	30	SSH(ACCEPT) net0 # a comment
	31	SSH(ACCEPT) net0 192.168.2.192 # only allow SSH from 192.168.2.192
	32	\|SSH(ACCEPT) net0 # disbaled rule
ec6b1100 DM	33
	34	[OUT]
	35
	36
	37	DNS(ACCEPT) net0
	38	Ping(ACCEPT) net0
	39	SSH(ACCEPT)
	40
	41
	42