# Example VM firewall configuration
-#ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT
-# ACTION: shorewall action
-# IFACE: vm network interface (net0 - net5), or '-' for all interfaces
-# SOURCE: source IP address, or '-' for any source
-# DEST: dest IP address, or '-' for any destination address
-# PROTO: see /etc/protocols
-# D-PORT: destination port
-# S-PORT: source port
+[OPTIONS] # VM specific firewall options
+
+# disable/enable the whole thing
+enable: 1
+
+# disable/enable MAC address filter
+macfilter: 0
+
+# default policy
+policy-in: DROP
+policy-out: REJECT
+
+# filter SMURFS
+nosmurfs: 1
+
+# filter illegal combinations of TCP flags
+tcpflags: 1
+
+# enable DHCP
+dhcp: 1
+
[IN]
-SSH(ACCEPT) net0 192.168.2.192 -
+#ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT
+
+SSH(ACCEPT) net0
+SSH(ACCEPT) net0 # a comment
+SSH(ACCEPT) net0 192.168.2.192 # only allow SSH from 192.168.2.192
+|SSH(ACCEPT) net0 # disbaled rule
[OUT]
projects / pve-firewall.git / blobdiff