]> git.proxmox.com Git - pve-firewall.git/blobdiff - debian/example/cluster.fw
projects / pve-firewall.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
add README and example to debian package
[pve-firewall.git] / debian / example / cluster.fw
diff --git a/debian/example/cluster.fw b/debian/example/cluster.fw
new file mode 100644 (file)
index 0000000..e9a57ea
--- /dev/null
+++ b/debian/example/cluster.fw
@@ -0,0 +1,34 @@
+[OPTIONS]
+
+# enable firewall (cluster wide setting, default is disabled) 
+enable: 1
+
+# default policy for host rules
+policy_in: DROP
+policy_out: ACCEPT
+
+[RULES]
+
+IN  SSH(ACCEPT) vmbr0
+
+[group group1]
+
+IN  ACCEPT - - tcp 22 -
+OUT ACCEPT - - tcp 80 -
+OUT ACCEPT - - icmp - -
+
+[group group3]
+
+IN  ACCEPT 10.0.0.1 
+IN  ACCEPT 10.0.0.1-10.0.0.10
+IN  ACCEPT 10.0.0.1,10.0.0.2,10.0.0.3
+IN  ACCEPT +mynetgroup 
+
+
+[ipset myipset]
+
+192.168.0.1 #mycomment
+172.16.0.10
+192.168.0.0/24
+! 10.0.0.0/8  #nomatch - needs kernel 3.7 or newer
+
Firewall test scripts