1 # Example VM firewall configuration
2
3 # VM specific firewall options
# NOTE(review): these settings presumably take effect only when the firewall is
# also enabled at cluster level and on the VM's network device - confirm.
4 [OPTIONS]
5
6 # disable/enable the firewall for this VM (1 = enabled here)
7 enable: 1
8
9 # disable/enable MAC address filter (0 = disabled here)
# NOTE(review): with the filter off, frames sent by the guest are presumably not
# checked against the MAC address configured for its interface. Enable it unless
# the guest has a reason to use other source MAC addresses.
10 macfilter: 0
11
12 # default policy for traffic that no rule matches:
# inbound is dropped, outbound is rejected
13 policy_in: DROP
14 policy_out: REJECT
15
16 # log dropped incoming connections at level "info"
17 log_level_in: info
18
19 # disable log for outgoing connections
# With "nolog", outbound traffic rejected by policy_out leaves no firewall log
# entry; set a level here if blocked egress attempts should be visible to monitoring.
20 log_level_out: nolog
21
22 # filter SMURFS
# NOTE(review): presumably packets whose source is a broadcast address - confirm
23 nosmurfs: 1
24
25 # filter illegal combinations of TCP flags
26 tcpflags: 1
27
28 # enable DHCP
# NOTE(review): presumably permits DHCP traffic for the guest regardless of the
# default policies above - confirm
29 dhcp: 1
30
31
32 [RULES]
33
34 #TYPE ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT
# Columns are positional; trailing columns may be left out, as the rules below do.
# ACTION is written as MACRO(ACCEPT), for example SSH(ACCEPT).
35
# The three SSH rules below illustrate syntax variants. The first names no
# SOURCE, so it accepts SSH on net0 from any address.
# NOTE(review): if rules are evaluated in file order, the first rule already
# matches everything the source-restricted rule would, so the restriction has no
# effect here. A real configuration should keep only the restricted form.
36 IN SSH(ACCEPT) net0
37 IN SSH(ACCEPT) net0 # a comment
38 IN SSH(ACCEPT) net0 192.168.2.192 # only allow SSH from 192.168.2.192
# A leading '|' marks a rule as disabled: it stays in the file but is not applied.
39 |IN SSH(ACCEPT) net0 # disabled rule
40
41 # add a security group: applies the rules of "group1" to net0
# NOTE(review): group1 is not defined in this file; presumably it comes from the
# cluster-level firewall configuration - confirm what it allows before relying on it.
42 GROUP group1 net0
43
# Outbound exceptions to policy_out: REJECT in [OPTIONS]. The last rule names no
# IFACE. NOTE(review): presumably it applies to every interface of the VM - confirm.
44 OUT DNS(ACCEPT) net0
45 OUT Ping(ACCEPT) net0
46 OUT SSH(ACCEPT)
47
48
49