# Example VM firewall configuration
-[OPTIONS] # VM specific firewall options
+# VM specific firewall options
+[OPTIONS]
# disable/enable the whole thing
enable: 1
macfilter: 0
# default policy
-policy-in: DROP
-policy-out: REJECT
+policy_in: DROP
+policy_out: REJECT
# log dropped incoming connection
log_level_in: info
# disable log for outgoing connections
log_level_out: nolog
-# filter SMURFS
-nosmurfs: 1
+# disable SMURFS filter
+nosmurfs: 0
# filter illegal combinations of TCP flags
tcpflags: 1
# enable DHCP
dhcp: 1
+# enable ips
+ips: 1
-[IN]
+# specify nfqueue queues (optionnal)
+#ips_queues: 0
+ips_queues: 0:3
-#ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT
-SSH(ACCEPT) net0
-SSH(ACCEPT) net0 # a comment
-SSH(ACCEPT) net0 192.168.2.192 # only allow SSH from 192.168.2.192
-|SSH(ACCEPT) net0 # disbaled rule
+[RULES]
-[OUT]
+#TYPE ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT
+IN SSH(ACCEPT) net0
+IN SSH(ACCEPT) net0 # a comment
+IN SSH(ACCEPT) net0 192.168.2.192 # only allow SSH from 192.168.2.192
+|IN SSH(ACCEPT) net0 # disabled rule
-DNS(ACCEPT) net0
-Ping(ACCEPT) net0
-SSH(ACCEPT)
+# add a security group
+GROUP group1 net0
+
+OUT DNS(ACCEPT) net0
+OUT Ping(ACCEPT) net0
+OUT SSH(ACCEPT)
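Review bot: The example now ships `nosmurfs: 0` where it previously had `nosmurfs: 1`, so anyone copying this file as a starting point turns the SMURFS filter off. If the flip is only meant to show the option, keep the protective value and put the alternative in the comment, e.g. `# filter SMURFS (set to 0 to disable)` above `nosmurfs: 1`. The new `ips: 1` / `ips_queues: 0:3` lines have a similar gap: `# enable ips` does not say that an IPS process has to be bound to those NFQUEUE queues, and this hunk does not show what happens to accepted traffic when none is listening, so that should be confirmed against the rule generation and stated here. A comment such as `# requires an IPS daemon listening on the NFQUEUE queues given in ips_queues; leave ips: 0 otherwise` would cover it. Minor: `optionnal` in the `ips_queues` comment should read `optional`.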