add README and example to debian package

[pve-firewall.git] / debian / example / 100.fw

diff --git a/debian/example/100.fw b/debian/example/100.fw
new file mode 100644 (file)
index 0000000..b1f65c3
--- /dev/null
+++ b/debian/example/100.fw
@@ -0,0 +1,54 @@
+# Example VM firewall configuration
+
+# VM specific firewall options
+[OPTIONS]
+
+# disable/enable the whole thing
+enable: 1 
+
+# disable/enable MAC address filter
+macfilter: 0
+
+# default policy
+policy_in: DROP
+policy_out: REJECT
+
+# log dropped incoming connection
+log_level_in: info
+
+# disable log for outgoing connections
+log_level_out: nolog
+
+# enable DHCP
+dhcp: 1
+
+# enable ips
+ips: 1
+
+# specify nfqueue queues (optionnal)
+#ips_queues: 0
+ips_queues: 0:3
+
+
+[RULES]
+
+#TYPE ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT
+
+IN SSH(ACCEPT) net0
+IN SSH(ACCEPT) net0 # a comment
+IN SSH(ACCEPT) net0 192.168.2.192  # only allow SSH from  192.168.2.192
+IN SSH(ACCEPT) net0 10.0.0.1-10.0.0.10 #accept SSH for ip in range 10.0.0.1 to 10.0.0.10
+IN SSH(ACCEPT) net0 10.0.0.1,10.0.0.2,10.0.0.3 #accept ssh for 10.0.0.1 or 10.0.0.2 or 10.0.0.3
+IN SSH(ACCEPT) net0 +mynetgroup   #accept ssh for netgroup mynetgroup
+
+|IN SSH(ACCEPT) net0 # disabled rule
+
+# add a security group
+GROUP group1 net0
+
+OUT DNS(ACCEPT) net0
+OUT Ping(ACCEPT) net0
+OUT SSH(ACCEPT)
+
+
+