allow API/SSH/SPICE/VNC traffic on local cluster network by default

[pve-firewall.git] / test / test-group1 / tests

diff --git a/test/test-group1/tests b/test/test-group1/tests
index d7413cc87f69280bc6ceef3f68a311ddab57774e..22c837a05a331cedcdbd49088043475a77f76161 100644 (file)
--- a/test/test-group1/tests
+++ b/test/test-group1/tests
@@ -1,3 +1,6 @@
+{ from => 'outside', to => 'vm100', source => '192.168.4.1', dport => 22, action => 'DROP' }
+{ from => 'outside', to => 'vm100', source => '192.168.3.1', dport => 22, action => 'ACCEPT' }
+
 { from => 'host', source => '192.168.2.1', dport => 22, action => 'ACCEPT' }
 { from => 'host', source => '192.168.2.1', dport => 443, action => 'REJECT' }
 { from => 'host', source => '192.168.2.1', dport => 80, action => 'REJECT' }
@@ -6,3 +9,12 @@
 { to => 'host', source => '127.0.0.1', dport => 22, action => 'DROP' }
 { to => 'host', source => '192.168.2.1', dport => 22, action => 'ACCEPT' }
 { to => 'host', source => '192.168.2.1', dport => 80, action => 'REJECT' }
+
+{ to => 'vm100', source => '192.168.3.1', dport => 22, action => 'ACCEPT' }
+{ to => 'vm100', source => '192.168.4.1', dport => 22, action => 'DROP' }
+
+{ from => 'outside', to => 'ct200', source => '192.168.6.1', dport => 22, action => 'ACCEPT' }
+{ from => 'outside', to => 'ct200', source => '192.168.7.1', dport => 22, action => 'DROP' }
+
+
+