move host policy setting to cluster.fw
[pve-firewall.git] / example / cluster.fw
1 [OPTIONS]
2
# Turns the firewall on for this configuration.
3 enable: 1
4
5 # default policy for host rules, i.e. what happens to traffic that no rule matches
# Inbound is default-deny: every service that should be reachable needs an explicit IN rule.
6 policy_in: DROP
# Outbound is default-allow: nothing in this section limits egress from the hosts.
# NOTE(review): if egress filtering is wanted, this would have to be DROP plus explicit OUT rules - confirm.
7 policy_out: ACCEPT
8
9 [RULES]
10
# Accepts inbound traffic matching the SSH macro; vmbr0 is presumably the interface column.
# No source address is given, so the rule is not limited to particular peers.
# NOTE(review): with policy_in: DROP this is the one inbound opening in this section; restrict it
# to a management network if the rule format accepts a source here - confirm against the parser.
11 IN SSH(ACCEPT) vmbr0
12
13 [group group1]
14
# Rule group "group1". The columns after the action appear to be
# source, destination, protocol, destination port, source port, with "-" meaning "any"
# - TODO confirm the column order against the parser.
# Inbound TCP/22 with no source or destination restriction.
15 IN ACCEPT - - tcp 22 -
# Outbound TCP/80 to any destination.
16 OUT ACCEPT - - tcp 80 -
# Outbound ICMP with no port/type restriction.
17 OUT ACCEPT - - icmp - -
18
19 [group group3]
20
# Rule group "group3": shows the address forms accepted in what is presumably the source column.
# Each rule accepts all inbound protocols and ports from the given address(es), since no
# protocol or port is specified.
# Single address.
21 IN ACCEPT 10.0.0.1
# Inclusive address range.
22 IN ACCEPT 10.0.0.1-10.0.0.10
# Comma-separated list of addresses.
23 IN ACCEPT 10.0.0.1,10.0.0.2,10.0.0.3
# "+name" presumably references a named address set.
# NOTE(review): "mynetgroup" is not defined anywhere in this example (the only set below is
# "myipset"); check how an undefined reference is handled before copying this line.
24 IN ACCEPT +mynetgroup
25
26
27 [ipset myipset]
28
# Named address set "myipset"; one entry per line, with an optional trailing "#" comment.
29 192.168.0.1 #mycomment
30 172.16.0.10
# CIDR network entry; it already contains 192.168.0.1 from the first line.
31 192.168.0.0/24
# "!" marks a nomatch entry, i.e. an exception carved out of the set.
# NOTE(review): 10.0.0.0/8 does not overlap any other entry here, so as written the
# exception excludes nothing; it only illustrates the syntax.
32 ! 10.0.0.0/8 #nomatch - needs kernel 3.7 or newer
33