X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=blobdiff_plain;f=debian%2Fexample%2Fcluster.fw;h=f0555e99686dd136b1fb62d0e629db114f7b9af4;hp=bf5a98f2df46b1677c52af44099c76afb0cfd9b5;hb=a6811508c4532792400c10ddf0ea8906e4b6653c;hpb=92e1209bfb984c18735dbc73ac929fb0a9832b52
diff --git a/debian/example/cluster.fw b/debian/example/cluster.fw
index bf5a98f..f0555e9 100644
--- a/debian/example/cluster.fw
+++ b/debian/example/cluster.fw
@@ -11,25 +11,29 @@ policy_out: ACCEPT
 myserveralias 10.0.0.111
 mynetworkalias 10.0.0.0/24
+myserveraliasipv6 2001:db8:0:85a3:0:0:ac1f:8001
+myserveraliasipv6short 2001:db8:0:85a3::ac1f:8001
+
 [RULES]
-IN SSH(ACCEPT) vmbr0
+IN SSH(ACCEPT) -i vmbr0
 [group group1]
-IN ACCEPT - - tcp 22 -
-OUT ACCEPT - - tcp 80 -
-OUT ACCEPT - - icmp - -
+IN ACCEPT -p tcp -dport 22
+OUT ACCEPT -p tcp -dport 80
+OUT ACCEPT -p icmp
 [group group3]
-IN ACCEPT 10.0.0.1
-IN ACCEPT 10.0.0.1-10.0.0.10
-IN ACCEPT 10.0.0.1,10.0.0.2,10.0.0.3
-IN ACCEPT +mynetgroup
-IN ACCEPT myserveralias
-
+IN ACCEPT -source 10.0.0.1
+IN ACCEPT -source 10.0.0.1-10.0.0.10
+IN ACCEPT -source 10.0.0.1,10.0.0.2,10.0.0.3
+IN ACCEPT -source +mynetgroup
+IN ACCEPT -source myserveralias
+IN ACCEPT -source myserveraliasipv6
+IN ACCEPT -source 2001:db8:0:85a3:0:0:ac1f:8001
 [ipset myipset]
@@ -38,3 +42,12 @@ IN ACCEPT myserveralias
 192.168.0.0/24
 ! 10.0.0.0/8 #nomatch - needs kernel 3.7 or newer
 mynetworkalias
+2001:db8:0:85a3::ac1f:8001
+2001:db8:0:85a3:0:0:ac1f:8002
+
+#global ipset blacklist
+[ipset blacklist]
+
+10.0.0.8
+192.168.0.0/24
+2001:db8:0:85a3:0:0:ac1f:8001
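Review bot: The example `IN SSH(ACCEPT) -i vmbr0` under [RULES] has no source match, so a cluster.fw copied from this file accepts SSH from any address that reaches vmbr0. This hunk introduces `-source` for the group3 rules, so the SSH line could demonstrate it too, e.g. `IN SSH(ACCEPT) -i vmbr0 -source mynetworkalias`. The alias `myserveraliasipv6short` is defined but never referenced in the visible rules; a comment such as `# same address as myserveraliasipv6, compressed notation` would explain why both entries exist.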
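Review bot: Every sample entry in the new `[ipset blacklist]` is also allowed elsewhere in this example. `2001:db8:0:85a3:0:0:ac1f:8001` is the value of `myserveraliasipv6`, which group3 accepts; `10.0.0.8` lies inside the accepted range `10.0.0.1-10.0.0.10`; and `192.168.0.0/24` is also listed in `myipset`. A reader cannot tell from the file whether the blacklist or the ACCEPT rule wins for those sources. Using addresses that appear nowhere else would remove the ambiguity, as would widening the comment to something like `# global blacklist: traffic from these sources is dropped (state how this orders against ACCEPT rules)`.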