implemented ipset rules in iptables

[pve-firewall.git] / example / 100.fw

diff --git a/example/100.fw b/example/100.fw
index 6572fe3bd2e9c609f279d71322803a8ef4fb6d34..30d1b1bb6dceb6e3006975021c0fce07bc63e12c 100644 (file)
--- a/example/100.fw
+++ b/example/100.fw
@@ -43,6 +43,10 @@ ips_queues: 0:3
 IN SSH(ACCEPT) net0
 IN SSH(ACCEPT) net0 # a comment
 IN SSH(ACCEPT) net0 192.168.2.192  # only allow SSH from  192.168.2.192
+IN SSH(ACCEPT) net0 10.0.0.1-10.0.0.10 #accept SSH for ip in range 10.0.0.1 to 10.0.0.10
+IN SSH(ACCEPT) net0 10.0.0.1,10.0.0.2,10.0.0.3 #accept ssh for 10.0.0.1 or 10.0.0.2 or 10.0.0.3
+IN SSH(ACCEPT) net0 +mynetgroup   #accept ssh for netgroup mynetgroup
+
 |IN SSH(ACCEPT) net0 # disabled rule
 
 # add a security group