# Excerpt of a host/cluster firewall rule file (syntax looks like Proxmox VE
# cluster.fw; confirm against the full file).
# NOTE(review): the leading integer on each line appears to be a line number
# carried over from the original listing, not part of the configuration. The
# gaps in that numbering (4-5, 7-11, 14-16, ...) mean the section headers and
# the option values that these comments describe are not visible here.

# Master switch. Per the comment the firewall is disabled by default, so none
# of the rules below filter anything until it is explicitly enabled. The
# setting line itself is not shown in this excerpt.
3 # enable firewall (cluster wide setting, default is disabled)
# Default policy applied when no host rule matches. The value is not shown;
# NOTE(review): verify that the inbound default is a deny/drop policy so that
# only the explicit ACCEPT rules below admit traffic.
6 # default policy for host rules
# Aliases: a name bound to a single address or a CIDR network. Rules can then
# refer to the name (see "-source myserveralias" below) instead of repeating
# the literal address.
12 myserveralias 10.0.0.111
13 mynetworkalias 10.0.0.0/24
# Inbound rule using the SSH macro with action ACCEPT, limited to interface
# vmbr0. No -source is given, so any peer reaching vmbr0 matches.
17 IN SSH(ACCEPT) -i vmbr0
# Inbound TCP to destination port 22 with neither an interface nor a source
# restriction: broader than the rule above.
# NOTE(review): for a management service, consider adding a -source limited to
# an admin address, alias or ipset.
21 IN ACCEPT -p tcp -dport 22
# Outbound TCP to destination port 80.
22 OUT ACCEPT -p tcp -dport 80
# The next five rules show the accepted forms of a -source match: single
# address, address range, comma-separated list, ipset reference ("+" prefix)
# and alias name. None of them restricts protocol or port, so each admits ALL
# inbound traffic from the matching sources.
# NOTE(review): source-address matching is a network filter, not
# authentication; the services behind these rules still need their own.
27 IN ACCEPT -source 10.0.0.1
28 IN ACCEPT -source 10.0.0.1-10.0.0.10
29 IN ACCEPT -source 10.0.0.1,10.0.0.2,10.0.0.3
# "mynetgroup" is not defined in the visible lines; presumably an ipset
# declared in a part of the file not shown here. Verify that it exists.
30 IN ACCEPT -source +mynetgroup
31 IN ACCEPT -source myserveralias
# ipset member entry with a trailing comment.
36 192.168.0.1 #mycomment
# "!" negates the entry (a nomatch exception inside the set); per the inline
# comment this requires kernel 3.7 or newer.
39 ! 10.0.0.0/8 #nomatch - needs kernel 3.7 or newer
# Header comment for a global blacklist ipset; its entries are not shown.
# NOTE(review): presumably traffic from members of this set is dropped on
# every host and guest. Confirm against the product documentation.
42 #global ipset blacklist