1 | # Example VM firewall configuration | |
2 | ||
3 | # VM specific firewall options | |
4 | [OPTIONS] | |
5 | ||
6 | # disable/enable the whole firewall for this VM | |
7 | enable: 1 | |
8 | ||
9 | # disable/enable MAC address filter | |
10 | macfilter: 0 | |
11 | ||
12 | # default policies (applied to traffic that matches no rule) | |
13 | policy_in: DROP | |
14 | policy_out: REJECT | |
15 | ||
16 | # log dropped incoming connections | |
17 | log_level_in: info | |
18 | ||
19 | # disable logging for outgoing connections | |
20 | log_level_out: nolog | |
21 | ||
22 | # enable DHCP | |
23 | dhcp: 1 | |
24 | ||
25 | # enable IPS | |
26 | ips: 1 | |
27 | ||
28 | # specify nfqueue queues (optional) | |
29 | #ips_queues: 0 | |
30 | ips_queues: 0:3 | |
31 | ||
32 | ||
33 | [RULES] | |
34 | ||
35 | #TYPE ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT | |
36 | ||
37 | IN SSH(ACCEPT) net0 | |
38 | IN SSH(ACCEPT) net0 # a comment | |
39 | IN SSH(ACCEPT) net0 192.168.2.192 # only allow SSH from 192.168.2.192 | |
40 | IN SSH(ACCEPT) net0 10.0.0.1-10.0.0.10 # accept SSH from any IP in the range 10.0.0.1 to 10.0.0.10 | |
41 | IN SSH(ACCEPT) net0 10.0.0.1,10.0.0.2,10.0.0.3 # accept SSH from 10.0.0.1, 10.0.0.2 or 10.0.0.3 | |
42 | IN SSH(ACCEPT) net0 +mynetgroup # accept SSH from the netgroup mynetgroup | |
43 | ||
44 | |IN SSH(ACCEPT) net0 # disabled rule (the leading '|' disables it) | |
45 | ||
46 | # add the security group group1 on interface net0 | |
47 | GROUP group1 net0 | |
48 | ||
49 | OUT DNS(ACCEPT) net0 | |
50 | OUT Ping(ACCEPT) net0 | |
51 | OUT SSH(ACCEPT) | |
52 | ||
53 | ||
54 |