X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=blobdiff_plain;f=example%2Fcluster.fw;h=e9a57eae1e8a5e03adc51b7480f23d8bcc663700;hp=30009853468a599590ed1aaf4f8ff77f883eb6c6;hb=36166ca9df2a5d21f11cdbc3ce752ddbd2298d04;hpb=936af352661ca37851e1c7e47aa6649bf138b7d3

diff --git a/example/cluster.fw b/example/cluster.fw
index 3000985..e9a57ea 100644
--- a/example/cluster.fw
+++ b/example/cluster.fw
@@ -1,7 +1,12 @@
 [OPTIONS]
 
+# enable firewall (cluster wide setting, default is disabled) 
 enable: 1
 
+# default policy for host rules
+policy_in: DROP
+policy_out: ACCEPT
+
 [RULES]
 
 IN  SSH(ACCEPT) vmbr0
@@ -25,5 +30,5 @@ IN  ACCEPT +mynetgroup
 192.168.0.1 #mycomment
 172.16.0.10
 192.168.0.0/24
-! 10.0.0.0/8  #nomatch
+! 10.0.0.0/8  #nomatch - needs kernel 3.7 or newer