1 # Example VM firewall configuration
# Per-VM file with two sections: [OPTIONS] holds key: value settings,
# [RULES] holds one rule per line. Lines starting with '#' are comments.
# NOTE(review): the file name 100.fw presumably ties this file to the guest
# with ID 100 - confirm against the consuming tool.
2
3 [OPTIONS] # VM specific firewall options
4
5 # disable/enable the whole thing
# 1 = firewall active for this VM, 0 = no filtering from this file.
6 enable: 1
7
8 # disable/enable MAC address filter
# NOTE(review): 0 switches the filter off in this example. With it off,
# nothing in this file ties the guest's traffic to its assigned MAC address;
# prefer 1 unless the guest legitimately uses additional MACs.
9 macfilter: 0
10
11 # default policy
# Applied to traffic that no line in [RULES] matches. Inbound is dropped
# silently, outbound is rejected, so both directions are deny-by-default.
12 policy-in: DROP
13 policy-out: REJECT
14
15 # log dropped incoming connection
16 log_level_in: info
17
18 # disable log for outgoing connections
# NOTE(review): with nolog, outbound attempts refused by policy-out leave no
# firewall log entry. Blocked egress from a guest is a useful detection
# signal; consider a log level here if that visibility is wanted.
19 log_level_out: nolog
20
21 # filter SMURFS
22 nosmurfs: 1
23
24 # filter illegal combinations of TCP flags
25 tcpflags: 1
26
27 # enable DHCP
# NOTE(review): presumably lets DHCP traffic through despite the default
# policies above; set to 0 for guests with static addressing - confirm.
28 dhcp: 1
29
30
31 [RULES]
32
# One rule per line, fields are positional in the order given below.
# ACTION is written as Macro(ACTION), e.g. SSH(ACCEPT). Trailing fields may
# be left out, as the lines below show. Text after '#' on a rule line is
# that rule's comment. A leading '|' marks the rule as disabled.
33 #TYPE ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT
34
# NOTE(review): the three enabled SSH lines are syntax variants of one rule.
# Kept together, the first two accept SSH on net0 from any source, so the
# 192.168.2.192 restriction on the third adds nothing. A real configuration
# that wants to limit SSH keeps only the source-restricted line.
35 IN SSH(ACCEPT) net0
36 IN SSH(ACCEPT) net0 # a comment
37 IN SSH(ACCEPT) net0 192.168.2.192 # only allow SSH from 192.168.2.192
38 |IN SSH(ACCEPT) net0 # disabled rule
39
40 # add a security group
# NOTE(review): group1 is not defined in this file, so its rules come from
# elsewhere (presumably a shared, cluster-level definition - confirm).
# Review that definition too: it becomes part of this VM's effective rule
# set on net0.
41 GROUP group1 net0
42
# With policy-out: REJECT in [OPTIONS], these lines are the only outbound
# traffic this file allows: DNS and Ping on net0, and SSH.
# NOTE(review): the last line names no IFACE; presumably it then applies to
# every interface of the VM - confirm, and add net0 if that is not intended.
43 OUT DNS(ACCEPT) net0
44 OUT Ping(ACCEPT) net0
45 OUT SSH(ACCEPT)
46
47
48