]>
Commit | Line | Data |
---|---|---|
1 | # Example VM firewall configuration | |
2 | ||
3 | [OPTIONS] # VM specific firewall options | |
4 | ||
5 | # disable/enable the whole thing | |
6 | enable: 1 | |
7 | ||
8 | # disable/enable MAC address filter | |
9 | macfilter: 0 | |
10 | ||
11 | # default policy | |
12 | policy_in: DROP | |
13 | policy_out: REJECT | |
14 | ||
15 | # log dropped incoming connection | |
16 | log_level_in: info | |
17 | ||
18 | # disable log for outgoing connections | |
19 | log_level_out: nolog | |
20 | ||
21 | # filter SMURFS | |
22 | nosmurfs: 1 | |
23 | ||
24 | # filter illegal combinations of TCP flags | |
25 | tcpflags: 1 | |
26 | ||
27 | # enable DHCP | |
28 | dhcp: 1 | |
29 | ||
30 | ||
31 | [RULES] | |
32 | ||
33 | #TYPE ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT | |
34 | ||
35 | IN SSH(ACCEPT) net0 | |
36 | IN SSH(ACCEPT) net0 # a comment | |
37 | IN SSH(ACCEPT) net0 192.168.2.192 # only allow SSH from 192.168.2.192 | |
38 | |IN SSH(ACCEPT) net0 # disabled rule | |
39 | ||
40 | # add a security group | |
41 | GROUP group1 net0 | |
42 | ||
43 | OUT DNS(ACCEPT) net0 | |
44 | OUT Ping(ACCEPT) net0 | |
45 | OUT SSH(ACCEPT) | |
46 | ||
47 | ||
48 |