projects / pve-firewall.git / blame
| Commit | Line | Data |
|---|---|---|
| f1bafd37 DM |
1 | { from => 'ct200', to => 'host', dport => 22, action => 'ACCEPT' } |
| 2 | { from => 'ct200', to => 'host', dport => 23, action => 'DROP' } | |
| 3 | ||
| 4 | { from => 'vm100', to => 'host', dport => 22, action => 'ACCEPT' } | |
| 5 | ||
| 6 | { from => 'host' , to => 'ct200', dport => 80, action => 'DROP' } | |
| 7 | { from => 'host' , to => 'ct200', dport => 22, action => 'ACCEPT' } | |
| 8 | ||
| 9 | { from => 'host' , to => 'vm100', dport => 80, action => 'DROP' } | |
| 10 | ||
| 11 | { from => 'ct200' , to => 'vm100', dport => 80, action => 'DROP' } | |
| 12 | ||
| 13 | { from => 'vm100' , to => 'ct200', dport => 22, action => 'ACCEPT' } | |
| 14 | ||
| d1486f38 | 15 | { from => 'vm101', to => 'vm100', dport => 22, action => 'DROP' } |
| ec2e28f6 | 16 | { from => 'vm101', to => 'vm100', dport => 443, action => 'ACCEPT', id => 'vm2vm'} |
| d1486f38 DM |
17 | |
| 18 | { from => 'ct201', to => 'ct200', dport => 22, action => 'ACCEPT' } | |
| 19 | { from => 'ct201', to => 'ct200', dport => 23, action => 'DROP' } | |
| 20 | ||
| 21 | { from => 'vm110', to => 'vm100', dport => 22, action => 'DROP' } | |
| 22 | { from => 'vm110', to => 'vm100', dport => 443, action => 'ACCEPT' } | |
| 23 | ||
| 29e5ce15 TL |
24 | { from => 'vm110', to => 'vm100', dport => 0, proto => 'icmp', action => 'ACCEPT' } |
| 25 | { from => 'vm110', to => 'vm100', dport => 'host-unreachable', proto => 'icmp', action => 'ACCEPT' } | |
| 26 | { from => 'vm110', to => 'vm100', dport => 255, proto => 'icmpv6', action => 'DROP' } | |
| 27 | ||
| 31dc73f1 DM |
28 | { from => 'outside', to => 'ct200', dport => 22, action => 'ACCEPT' } |
| 29 | { from => 'outside', to => 'ct200', dport => 23, action => 'DROP' } | |
| 30 | { from => 'outside', to => 'vm100', dport => 22, action => 'DROP' } | |
| 31 | { from => 'outside', to => 'vm100', dport => 443, action => 'ACCEPT' } | |
| 32 | { from => 'outside', to => 'host', dport => 22, action => 'ACCEPT' } | |
| 33 | { from => 'outside', to => 'host', dport => 23, action => 'DROP' } | |
| 34 | ||
| ec2e28f6 | 35 | { from => 'host' , to => 'outside', dport => 80, action => 'ACCEPT'} |
| 31dc73f1 DM |
36 | { from => 'host' , to => 'outside', dport => 81, action => 'REJECT' } |
| 37 | { from => 'vm100' , to => 'outside', dport => 80, action => 'ACCEPT' } | |
| 38 | { from => 'vm100' , to => 'outside', dport => 81, action => 'REJECT' } | |
| 39 | { from => 'ct200' , to => 'outside', dport => 80, action => 'ACCEPT' } | |
| 40 | { from => 'ct200' , to => 'outside', dport => 81, action => 'REJECT' } | |
| 41 | ||
| e73072a7 DM |
42 | { from => 'outside', to => 'host', dport => 100, action => 'REJECT' } |
| 43 | { from => 'outside', to => 'host', dport => 101, action => 'DROP' } | |
| d1486f38 | 44 | |
| c0c871d8 DM |
45 | { from => 'nfvm', to => 'host', dport => 22, action => 'ACCEPT' } |
| 46 | { from => 'nfvm', to => 'host', dport => 80, action => 'DROP' } | |
| 47 | { from => 'nfvm', to => 'outside', dport => 22, action => 'ACCEPT' } | |
| 48 | { from => 'nfvm', to => 'outside', dport => 80, action => 'ACCEPT' } | |
| 49 | { from => 'nfvm', to => 'vm100', dport => 443, action => 'ACCEPT', id => 'nfw2vm'} | |
| 50 | { from => 'nfvm', to => 'vm100', dport => 80, action => 'DROP' } | |
| 51 | { from => 'nfvm', to => 'ct200', dport => 22, action => 'ACCEPT' } | |
| 52 | { from => 'nfvm', to => 'ct200', dport => 80, action => 'DROP' } | |
| 53 | ||
| 54 | { from => 'ct200', to => 'nfvm', dport => 80, action => 'ACCEPT' } | |
| 55 | { from => 'vm100', to => 'nfvm', dport => 80, action => 'ACCEPT' } | |
| 56 | { from => 'outside', to => 'nfvm', dport => 80, action => 'ACCEPT' } | |
| 57 | { from => 'host', to => 'nfvm', dport => 80, action => 'ACCEPT' } | |
| 47ece390 DM |
58 | |
| 59 | { from => 'vmbr0/eth0', to => 'host', dport => 22, action => 'ACCEPT' } | |
| 60 | { from => 'host' , to => 'vmbr0/eth0', dport => 22, action => 'ACCEPT' } |