macfilter: 0
# default policy
-policy-in: DROP
-policy-out: REJECT
+policy_in: DROP
+policy_out: REJECT
+
+# log dropped incoming connection
+log_level_in: info
+
+# disable log for outgoing connections
+log_level_out: nolog
# filter SMURFS
nosmurfs: 1
dhcp: 1
-[IN]
-
-#ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT
+[RULES]
-SSH(ACCEPT) net0
-SSH(ACCEPT) net0 # a comment
-SSH(ACCEPT) net0 192.168.2.192 # only allow SSH from 192.168.2.192
-|SSH(ACCEPT) net0 # disbaled rule
+#TYPE ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT
-[OUT]
+IN SSH(ACCEPT) net0
+IN SSH(ACCEPT) net0 # a comment
+IN SSH(ACCEPT) net0 192.168.2.192 # only allow SSH from 192.168.2.192
+|IN SSH(ACCEPT) net0 # disabled rule
+# add a security group
+GROUP group1 net0
-DNS(ACCEPT) net0
-Ping(ACCEPT) net0
-SSH(ACCEPT)
+OUT DNS(ACCEPT) net0
+OUT Ping(ACCEPT) net0
+OUT SSH(ACCEPT)
projects / pve-firewall.git / blobdiff