X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=blobdiff_plain;f=debian%2Fexample%2F100.fw;fp=debian%2Fexample%2F100.fw;h=dffd144fee496923ebaf88ceaf15a8935b00dbf2;hp=5ccdcaed40b0eef61b32c25bd523eb75e23a26e8;hb=dba740a9c766f1584f06b87747069740fb333fcd;hpb=16adff04371097ad96ea620f1045fd55e5b7a6dc
diff --git a/debian/example/100.fw b/debian/example/100.fw
index 5ccdcae..dffd144 100644
--- a/debian/example/100.fw
+++ b/debian/example/100.fw
@@ -32,23 +32,29 @@ ips_queues: 0:3
 [RULES]
-#TYPE ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT
-
-IN SSH(ACCEPT) net0
-IN SSH(ACCEPT) net0 # a comment
-IN SSH(ACCEPT) net0 192.168.2.192 # only allow SSH from 192.168.2.192
-IN SSH(ACCEPT) net0 10.0.0.1-10.0.0.10 #accept SSH for ip in range 10.0.0.1 to 10.0.0.10
-IN SSH(ACCEPT) net0 10.0.0.1,10.0.0.2,10.0.0.3 #accept ssh for 10.0.0.1 or 10.0.0.2 or 10.0.0.3
-IN SSH(ACCEPT) net0 +mynetgroup #accept ssh for netgroup mynetgroup
-IN SSH(ACCEPT) net0 myserveralias #accept ssh for alias myserveralias
-
-|IN SSH(ACCEPT) net0 # disabled rule
+#TYPE ACTION [OPTIONS]
+# -i
+# -source
+# -dest
+# -p
+# -dport
+# -sport
+
+IN SSH(ACCEPT) -i net0
+IN SSH(ACCEPT) -i net0 # a comment
+IN SSH(ACCEPT) -i net0 -source 192.168.2.192 # only allow SSH from 192.168.2.192
+IN SSH(ACCEPT) -i net0 -source 10.0.0.1-10.0.0.10 #accept SSH for ip in range 10.0.0.1 to 10.0.0.10
+IN SSH(ACCEPT) -i net0 -source 10.0.0.1,10.0.0.2,10.0.0.3 #accept ssh for 10.0.0.1 or 10.0.0.2 or 10.0.0.3
+IN SSH(ACCEPT) -i net0 -source +mynetgroup #accept ssh for netgroup mynetgroup
+IN SSH(ACCEPT) -i net0 -source myserveralias #accept ssh for alias myserveralias
+
+|IN SSH(ACCEPT) -i net0 # disabled rule
 # add a security group
-GROUP group1 net0
+GROUP group1 -i net0
-OUT DNS(ACCEPT) net0
-OUT Ping(ACCEPT) net0
+OUT DNS(ACCEPT) -i net0
+OUT Ping(ACCEPT) -i net0
 OUT SSH(ACCEPT)
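Review bot: The example block under [RULES] still opens with `IN SSH(ACCEPT) -i net0`, which has no `-source`, so if the seven SSH lines are copied together and rules are matched in order (not shown in this hunk), the source-restricted variants below it never narrow anything. A short comment above the block, such as `# the SSH lines below are alternatives - keep only the one you need`, would make that explicit for anyone using the file as a template. Separately, the new option legend (`# -i`, `# -source`, …) shows no argument for any option as rendered here, and no example rule uses `-dest`, `-p`, `-dport` or `-sport`; one example line that uses them would document the new syntax.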