fix README

[pve-firewall.git] / example / cluster.fw

diff --git a/example/cluster.fw b/example/cluster.fw
index b9c088fb58160b7231b25bcc6c3a6a41af0d2278..e9a57eae1e8a5e03adc51b7480f23d8bcc663700 100644 (file)
--- a/example/cluster.fw
+++ b/example/cluster.fw
@@ -1,3 +1,16 @@
+[OPTIONS]
+
+# enable firewall (cluster wide setting, default is disabled) 
+enable: 1
+
+# default policy for host rules
+policy_in: DROP
+policy_out: ACCEPT
+
+[RULES]
+
+IN  SSH(ACCEPT) vmbr0
+
 [group group1]
 
 IN  ACCEPT - - tcp 22 -
@@ -7,26 +20,15 @@ OUT ACCEPT - - icmp - -
 [group group3]
 
 IN  ACCEPT 10.0.0.1 
-IN  ACCEPT 10.0.0.2
-IN  ACCEPT 10.0.0.2 
-
-
-#ipset hash:ip
-[ipgroup ipgroup1]
-
-192.168.0.1
-192.168.0.2
-192.168.0.3
-
-
-[ipgroup ipgroup2]
+IN  ACCEPT 10.0.0.1-10.0.0.10
+IN  ACCEPT 10.0.0.1,10.0.0.2,10.0.0.3
+IN  ACCEPT +mynetgroup 
 
-192.168.0.3
-192.168.0.4
 
-#ipset hash:net
-[netgroup netgroup1]
+[ipset myipset]
 
+192.168.0.1 #mycomment
+172.16.0.10
 192.168.0.0/24
-10.0.0.0/8
+! 10.0.0.0/8  #nomatch - needs kernel 3.7 or newer