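# Example cluster-wide firewall configuration (example/cluster.fw).
# Layout: [OPTIONS] holds global switches, [RULES] holds host rules,
# [group NAME] declares a reusable rule group, [ipset NAME] declares a
# named set of addresses that rules can reference as +NAME.

[OPTIONS]

# enable firewall (cluster wide setting, default is disabled)
# NOTE(review): policy_in below is DROP, so have the rules that keep
# management access open in place and tested before switching this on;
# otherwise enabling the firewall can cut off remote administration.
enable: 1

# default policy for host rules
# Inbound traffic that no rule accepts is dropped (default deny).
policy_in: DROP
# Outbound traffic is accepted unless a rule says otherwise, so this example
# does not restrict egress. Use a deny policy plus explicit OUT rules on
# hosts that should not open arbitrary outbound connections.
policy_out: ACCEPT

[RULES]

# Accept inbound SSH (via the SSH macro) on bridge vmbr0.
# NOTE(review): no source address is given, so this presumably matches any
# source that can reach vmbr0 - confirm, and limit it to a management
# network outside of a demo setup.
IN SSH(ACCEPT) vmbr0

[group group1]

# "-" leaves a field unset.
# NOTE(review): the columns look like source, dest, proto, dport, sport -
# confirm against the README. As written, port 22 is accepted from any source.
IN ACCEPT - - tcp 22 -
OUT ACCEPT - - tcp 80 -
OUT ACCEPT - - icmp - -

[group group3]

# Address forms shown here: single IP, range, comma-separated list, and a
# named set (prefixed with "+").
# NOTE(review): no protocol or port is given, so these presumably accept all
# traffic from the listed addresses - confirm before reusing them.
IN ACCEPT 10.0.0.1
IN ACCEPT 10.0.0.1-10.0.0.10
IN ACCEPT 10.0.0.1,10.0.0.2,10.0.0.3
# Was "+mynetgroup", which names no set defined in this file; the only set
# declared here is "myipset".
IN ACCEPT +myipset


[ipset myipset]

# 192.168.0.1 is already covered by 192.168.0.0/24 below; it is kept to show
# a single-address entry with a trailing comment.
192.168.0.1 #mycomment
172.16.0.10
192.168.0.0/24
# A leading "!" marks a nomatch entry, i.e. addresses excluded from the set.
# NOTE(review): no other entry in this set covers 10.0.0.0/8, so here the
# line only illustrates the syntax; nomatch is meant for carving an
# exception out of a wider network listed in the same set.
! 10.0.0.0/8 #nomatch - needs kernel 3.7 or newer
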