policy_in: DROP
policy_out: ACCEPT
+[ALIASES]
+
+myserveralias 10.0.0.111
+mynetworkalias 10.0.0.0/24
+
[RULES]
IN SSH(ACCEPT) vmbr0
IN ACCEPT 10.0.0.1-10.0.0.10
IN ACCEPT 10.0.0.1,10.0.0.2,10.0.0.3
IN ACCEPT +mynetgroup
+IN ACCEPT myserveralias
[ipset myipset]
172.16.0.10
192.168.0.0/24
! 10.0.0.0/8 #nomatch - needs kernel 3.7 or newer
-
+mynetworkalias