example/100.fw

   1 # Example VM firewall configuration
   2
   3 [OPTIONS] # VM specific firewall options
   4
   5 # disable/enable the whole thing
   6 enable: 1
   7
   8 # disable/enable MAC address filter
   9 macfilter: 0
  10
  11 # default policy
  12 policy-in: DROP
  13 policy-out: REJECT
  14
  15 # log dropped incoming connection
  16 log_level_in: info
  17
  18 # disable log for outgoing connections
  19 log_level_out: nolog
  20
  21 # filter SMURFS
  22 nosmurfs: 1
  23
  24 # filter illegal combinations of TCP flags
  25 tcpflags: 1
  26
  27 # enable DHCP
  28 dhcp: 1
  29
  30
  31 [IN]
  32
  33 #ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT
  34
  35 SSH(ACCEPT) net0
  36 SSH(ACCEPT) net0 # a comment
  37 SSH(ACCEPT) net0 192.168.2.192  # only allow SSH from  192.168.2.192
  38 |SSH(ACCEPT) net0 # disbaled rule
  39
  40 [OUT]
  41
  42
  43 DNS(ACCEPT) net0
  44 Ping(ACCEPT) net0
  45 SSH(ACCEPT)
  46
  47
  48