# Example VM firewall configuration # VM specific firewall options [OPTIONS] # disable/enable the whole thing enable: 1 # disable/enable MAC address filter macfilter: 0 # default policy policy_in: DROP policy_out: REJECT # log dropped incoming connection log_level_in: info # disable log for outgoing connections log_level_out: nolog # disable SMURFS filter nosmurfs: 0 # filter illegal combinations of TCP flags tcpflags: 1 # enable DHCP dhcp: 1 # enable ips ips: 1 # specify nfqueue queues (optionnal) #ips_queues: 0 ips_queues: 0:3 [RULES] #TYPE ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT IN SSH(ACCEPT) net0 IN SSH(ACCEPT) net0 # a comment IN SSH(ACCEPT) net0 # only allow SSH from |IN SSH(ACCEPT) net0 # disabled rule # add a security group GROUP group1 net0 OUT DNS(ACCEPT) net0 OUT Ping(ACCEPT) net0 OUT SSH(ACCEPT)