[OPTIONS] enable: 1 [RULES] IN SSH(ACCEPT) vmbr0 [group group1] IN ACCEPT - - tcp 22 - OUT ACCEPT - - tcp 80 - OUT ACCEPT - - icmp - - [group group3] IN ACCEPT 10.0.0.1 IN ACCEPT 10.0.0.1-10.0.0.10 IN ACCEPT 10.0.0.1,10.0.0.2,10.0.0.3 IN ACCEPT +mynetgroup [netgroup mynetgroup] 192.168.0.1 #mycomment 172.16.0.10 192.168.0.0/24 ! 10.0.0.0/8 #nomatch