[pve-firewall.git] / example / 100.fw

# Example VM firewall configuration
#ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT

# ACTION: shorewall action
# IFACE: vm network interface (net0 - net5), or '-' for all interfaces
# SOURCE: source IP address, or '-' for any source
# DEST: dest IP address, or '-' for any destination address
# PROTO: see /etc/protocols
# D-PORT: destination port
# S-PORT: source port

[IN]

SSH(ACCEPT) net0 192.168.2.192 -

[OUT]


DNS(ACCEPT) net0
Ping(ACCEPT) net0
SSH(ACCEPT)
Commit	Line	Data
ec6b1100 DM	1	# Example VM firewall configuration
	2	#ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT
	3
	4	# ACTION: shorewall action
	5	# IFACE: vm network interface (net0 - net5), or '-' for all interfaces
	6	# SOURCE: source IP address, or '-' for any source
	7	# DEST: dest IP address, or '-' for any destination address
	8	# PROTO: see /etc/protocols
	9	# D-PORT: destination port
	10	# S-PORT: source port
	11
	12	[IN]
	13
	14	SSH(ACCEPT) net0 192.168.2.192 -
	15
	16	[OUT]
	17
	18
	19	DNS(ACCEPT) net0
	20	Ping(ACCEPT) net0
	21	SSH(ACCEPT)
	22
	23
	24