projects
/
pve-firewall.git
/ blob
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
blame
|
history
|
raw
|
HEAD
rename netgroup to ipset
[pve-firewall.git]
/
example
/
cluster.fw
1
[OPTIONS]
2
3
enable: 1
4
5
[RULES]
6
7
IN SSH(ACCEPT) vmbr0
8
9
[group group1]
10
11
IN ACCEPT - - tcp 22 -
12
OUT ACCEPT - - tcp 80 -
13
OUT ACCEPT - - icmp - -
14
15
[group group3]
16
17
IN ACCEPT 10.0.0.1
18
IN ACCEPT 10.0.0.1-10.0.0.10
19
IN ACCEPT 10.0.0.1,10.0.0.2,10.0.0.3
20
IN ACCEPT +mynetgroup
21
22
23
[ipset myipset]
24
25
192.168.0.1 #mycomment
26
172.16.0.10
27
192.168.0.0/24
28
! 10.0.0.0/8 #nomatch
29