| Commit | Line | Data |
|---|---|---|
| ec6b1100 | 1 | # Example VM firewall configuration |
| 41b6fef1 | 2 | |
| 41b6fef1 | 3 | [OPTIONS] # VM specific firewall options |
| 41b6fef1 | 4 | |
| 41b6fef1 | 5 | # disable/enable the whole thing |
| 41b6fef1 | 6 | enable: 1 |
| 41b6fef1 | 7 | |
| 41b6fef1 | 8 | # disable/enable MAC address filter |
| 41b6fef1 | 9 | macfilter: 0 |
| 41b6fef1 | 10 | |
| 41b6fef1 | 11 | # default policy |
| 41b6fef1 | 12 | policy-in: DROP |
| 41b6fef1 | 13 | policy-out: REJECT |
| 41b6fef1 | 14 | |
| 178a63be | 15 | # log dropped incoming connections |
| 178a63be | 16 | log_level_in: info |
| 178a63be | 17 | |
| 178a63be | 18 | # disable log for outgoing connections |
| 178a63be | 19 | log_level_out: nolog |
| 178a63be | 20 | |
| 41b6fef1 | 21 | # filter SMURFS |
| 41b6fef1 | 22 | nosmurfs: 1 |
| 41b6fef1 | 23 | |
| 41b6fef1 | 24 | # filter illegal combinations of TCP flags |
| 41b6fef1 | 25 | tcpflags: 1 |
| 41b6fef1 | 26 | |
| 41b6fef1 | 27 | # enable DHCP |
| 41b6fef1 | 28 | dhcp: 1 |
| 41b6fef1 | 29 | |
| ec6b1100 | 30 | |
| 92e976b3 | 31 | [RULES] |
| ec6b1100 | 32 | |
| 92e976b3 | 33 | #TYPE ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT |
| 41b6fef1 | 34 | |
| 92e976b3 | 35 | IN SSH(ACCEPT) net0 |
| 92e976b3 | 36 | IN SSH(ACCEPT) net0 # a comment |
| 92e976b3 | 37 | IN SSH(ACCEPT) net0 192.168.2.192 # only allow SSH from 192.168.2.192 |
| 92e976b3 | 38 | \|IN SSH(ACCEPT) net0 # disabled rule |
| ec6b1100 | 39 | |
| 92e976b3 | 40 | # add a security group |
| 92e976b3 | 41 | GROUP group1 net0 |
| ec6b1100 | 42 | |
| 92e976b3 | 43 | OUT DNS(ACCEPT) net0 |
| 92e976b3 | 44 | OUT Ping(ACCEPT) net0 |
| 92e976b3 | 45 | OUT SSH(ACCEPT) |
| ec6b1100 | 46 | |
| ec6b1100 | 47 | |
| ec6b1100 | 48 | |
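The file above is worth reading as a policy, not just as syntax: with `policy-in: DROP` only the listed `IN` rules admit traffic, a rule prefixed with `|` is disabled, `OUT SSH(ACCEPT)` on line 45 names no interface, and the "only allow SSH from 192.168.2.192" rule on line 37 sits after two rules that already accept SSH from anywhere. The Python below parses the positional format shown on this page, evaluates a connection against it, and reports those points. It is an added example and not pve-firewall's own parser; beyond what the page states it assumes that the rule columns follow the `#TYPE ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT` header line with a missing column meaning "any", that rules are evaluated first-match-wins like an iptables chain with the default policy as fallback, that macros such as `SSH` are compared by name rather than expanded to ports, and that `GROUP` rules are parsed but not expanded (their members are defined elsewhere). `SAMPLE` is a constructed, abridged copy of the configuration above; `Rule`, `parse_fw`, `decide`, `covers` and `audit` are names chosen here.

```python
"""Parser, first-match evaluator and linter for the positional vm.fw format shown above.
Added example, not pve-firewall code. Assumptions: columns follow the header line
(TYPE ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT), a missing column means "any",
'|' disables a rule, first match wins, macros compared by name, GROUP rules not expanded."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

SAMPLE = """\
[OPTIONS] # VM specific firewall options
enable: 1
macfilter: 0
policy-in: DROP
policy-out: REJECT

[RULES]
#TYPE ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT
IN SSH(ACCEPT) net0
IN SSH(ACCEPT) net0 # a comment
IN SSH(ACCEPT) net0 192.168.2.192 # only allow SSH from 192.168.2.192
|IN SSH(ACCEPT) net0 # disabled rule
GROUP group1 net0
OUT DNS(ACCEPT) net0
OUT Ping(ACCEPT) net0
OUT SSH(ACCEPT)
"""  # constructed, abridged copy of the configuration on this page

MACRO_RE = re.compile(r"^([A-Za-z][\w-]*)\((ACCEPT|DROP|REJECT)\)$")
COLUMNS = ("iface", "source", "dest", "proto", "dport", "sport")


@dataclass
class Rule:
    direction: str                  # IN, OUT or GROUP
    action: str                     # ACCEPT/DROP/REJECT, or the group name for GROUP
    macro: Optional[str] = None     # "SSH" for SSH(ACCEPT), None for a bare action
    iface: Optional[str] = None
    source: Optional[str] = None
    dest: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[str] = None
    sport: Optional[str] = None
    enabled: bool = True


def parse_rule(line: str) -> Rule:
    enabled = not line.startswith("|")
    fields = line.lstrip("|").split()
    if len(fields) < 2:
        raise ValueError(f"rule needs TYPE and ACTION: {line!r}")
    m = MACRO_RE.match(fields[1])              # for GROUP, fields[1] is the group name
    macro, action = (m.group(1), m.group(2)) if m else (None, fields[1])
    cols = dict(zip(COLUMNS, fields[2:]))      # absent trailing columns stay None ("any")
    return Rule(fields[0].upper(), action, macro, enabled=enabled, **cols)


def parse_fw(text: str):
    """Return (options, rules) for one VM firewall file."""
    options, rules, section = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comments, also the one after [OPTIONS]
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].upper()
        elif section == "OPTIONS":
            key, _, value = line.partition(":")
            options[key.strip()] = value.strip()
        elif section == "RULES":
            rules.append(parse_rule(line))
        else:
            raise ValueError(f"line outside any section: {raw!r}")
    return options, rules


def covers(spec: Optional[str], addr: Optional[str]) -> bool:
    # No spec matches anything; a host or CIDR spec must contain addr.
    return spec is None or (addr is not None and
                            ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False))


def decide(options, rules, direction, iface, src=None, dst=None, macro=None):
    # First matching enabled rule wins; otherwise the direction's default policy applies.
    for r in rules:
        if r.enabled and r.direction == direction and r.iface in (None, iface) \
                and r.macro in (None, macro) and covers(r.source, src) and covers(r.dest, dst):
            return r.action
    return options["policy-in" if direction == "IN" else "policy-out"]


def audit(options, rules):
    """Report settings and rules a reviewer of this file would question."""
    findings = []
    if options.get("macfilter") == "0":
        findings.append("macfilter: 0 lets the guest send frames with a spoofed source MAC")
    for i, r in enumerate(rules, 1):
        if not r.enabled:
            findings.append(f"rule {i} is disabled")
            continue
        if r.direction != "GROUP" and r.iface is None:
            findings.append(f"rule {i} names no IFACE and applies to every interface")
        # Under first-match, a narrower rule placed after a broader one never fires.
        for j, e in enumerate(rules[:i - 1], 1):
            if (r.source is not None and e.enabled and e.source is None and e.direction == r.direction
                    and e.macro == r.macro and e.iface in (None, r.iface)):
                findings.append(f"rule {i} is shadowed by broader rule {j}")
                break
    return findings
```

Running `audit(*parse_fw(SAMPLE))` reports rule 3 as shadowed by rule 1, rule 4 as disabled, and rule 8 (`OUT SSH(ACCEPT)`) as applying to every interface, and `decide(opts, rules, "IN", "net0", src="10.0.0.5", macro="SSH")` returns `ACCEPT`: under first-match evaluation the source restriction on line 37 has no effect while lines 35 and 36 precede it. Whether the real pve-firewall expands macros and groups differently is outside this model; the ordering point holds for any first-match chain.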