+++ /dev/null
-[OPTIONS]
-
-# enable firewall (cluster wide setting, default is disabled)
-enable: 1
-
-# default policy for host rules
-policy_in: DROP
-policy_out: ACCEPT
-
-[RULES]
-
-IN SSH(ACCEPT) vmbr0
-
-[group group1]
-
-IN ACCEPT - - tcp 22 -
-OUT ACCEPT - - tcp 80 -
-OUT ACCEPT - - icmp - -
-
-[group group3]
-
-IN ACCEPT 10.0.0.1
-IN ACCEPT 10.0.0.1-10.0.0.10
-IN ACCEPT 10.0.0.1,10.0.0.2,10.0.0.3
-IN ACCEPT +mynetgroup
-
-
-[ipset myipset]
-
-192.168.0.1 #mycomment
-172.16.0.10
-192.168.0.0/24
-! 10.0.0.0/8 #nomatch - needs kernel 3.7 or newer
-