# Example VM firewall configuration

# VM specific firewall options
[OPTIONS]

# disable/enable the whole thing
enable: 1 

# disable/enable MAC address filter
macfilter: 0

# default policy
policy_in: DROP
policy_out: REJECT

# log dropped incoming connection
log_level_in: info

# disable log for outgoing connections
log_level_out: nolog

# disable SMURFS filter
nosmurfs: 0

# filter illegal combinations of TCP flags
tcpflags: 1

# enable DHCP
dhcp: 1

# enable ips
ips: 1

# specify nfqueue queues (optionnal)
#ips_queues: 0
ips_queues: 0:3


[RULES]

#TYPE ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT

IN SSH(ACCEPT) net0
IN SSH(ACCEPT) net0 # a comment
IN SSH(ACCEPT) net0 192.168.2.192  # only allow SSH from  192.168.2.192
IN SSH(ACCEPT) net0 10.0.0.1-10.0.0.10 #accept SSH for ip in range 10.0.0.1 to 10.0.0.10
IN SSH(ACCEPT) net0 10.0.0.1,10.0.0.2,10.0.0.3 #accept ssh for 10.0.0.1 or 10.0.0.2 or 10.0.0.3
IN SSH(ACCEPT) net0 +mynetgroup   #accept ssh for netgroup mynetgroup

|IN SSH(ACCEPT) net0 # disabled rule

# add a security group
GROUP group1 net0

OUT DNS(ACCEPT) net0
OUT Ping(ACCEPT) net0
OUT SSH(ACCEPT)