if ($direction eq 'OUT') {
$policy = $options->{'policy-out'} || 'ACCEPT'; # allow everything by default
} else {
- $policy = $options->{'policy-in'} || 'DROP'; # allow everything by default
+ $policy = $options->{'policy-in'} || 'DROP'; # allow nothing by default
}
if ($policy eq 'ACCEPT') {
}
}
- if ($hostfw_enable) {
- # allow traffic from lo (ourself)
- ruleset_addrule($ruleset, "PVEFW-INPUT", "-i lo -j ACCEPT");
- }
-
return $ruleset;
}