X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=blobdiff_plain;f=example%2F100.fw;h=36c831ae97bcbdb9a274e84a2c9f033f6f147277;hp=94ab2a602df410db500eb1496d9e874e0984d365;hb=72f63fde6e68abfa9b1b4e35d63f4788086d2c1c;hpb=ec6b110036c2ea5876100344ad74883693b3888f
diff --git a/example/100.fw b/example/100.fw
index 94ab2a6..36c831a 100644
--- a/example/100.fw
+++ b/example/100.fw
@@ -1,24 +1,48 @@
 # Example VM firewall configuration
-#ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT
-# ACTION: shorewall action
-# IFACE: vm network interface (net0 - net5), or '-' for all interfaces
-# SOURCE: source IP address, or '-' for any source
-# DEST: dest IP address, or '-' for any destination address
-# PROTO: see /etc/protocols
-# D-PORT: destination port
-# S-PORT: source port
+[OPTIONS]
 # VM specific firewall options
-[IN]
+# disable/enable the whole thing
+enable: 1
-SSH(ACCEPT) net0 192.168.2.192 -
+# disable/enable MAC address filter
+macfilter: 0
-[OUT]
+# default policy
+policy_in: DROP
+policy_out: REJECT
+# log dropped incoming connection
+log_level_in: info
-DNS(ACCEPT) net0
-Ping(ACCEPT) net0
-SSH(ACCEPT)
+# disable log for outgoing connections
+log_level_out: nolog
+
+# filter SMURFS
+nosmurfs: 1
+
+# filter illegal combinations of TCP flags
+tcpflags: 1
+
+# enable DHCP
+dhcp: 1
+
+
+[RULES]
+
+#TYPE ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT
+
+IN SSH(ACCEPT) net0
+IN SSH(ACCEPT) net0 # a comment
+IN SSH(ACCEPT) net0 192.168.2.192 # only allow SSH from 192.168.2.192
+|IN SSH(ACCEPT) net0 # disabled rule
+
+# add a security group
+GROUP group1 net0
+
+OUT DNS(ACCEPT) net0
+OUT Ping(ACCEPT) net0
+OUT SSH(ACCEPT)
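Review bot: The comment on the third `[RULES]` entry, `# only allow SSH from 192.168.2.192`, is not true as the example stands, because the two unrestricted `IN SSH(ACCEPT) net0` rules immediately above it already accept SSH from any source on net0 (assuming rules are evaluated in order and ACCEPT is terminal, which the example itself does not state). Since the hunk already demonstrates the `|` prefix for disabled rules, the example would be honest if the two broader rules were written as `|IN SSH(ACCEPT) net0` and `|IN SSH(ACCEPT) net0 # a comment`, or the comment reworded to `# restricts SSH to 192.168.2.192 only when no broader IN SSH rule precedes it`. The `macfilter: 0` option deserves a sharper comment than `# disable/enable MAC address filter`: it should say which value is which and that turning the filter off lets the guest send frames with a spoofed source MAC, e.g. `# 0 disables the MAC address filter (guest may spoof its source MAC); 1 enables it`. The new `#TYPE ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT` header also drops the per-column explanations the old header carried (meaning of `-`, allowed IFACE values), and the `|` disabled-rule prefix and the `GROUP group1 net0` syntax are shown only by example; a one-line comment for each would make the example self-describing.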