]> git.proxmox.com Git - pve-firewall.git/commit
projects / pve-firewall.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 68c90e2) | patch
implemented ipset rules in iptables
authorAlexandre Derumier <aderumier@odiso.com>
Tue, 1 Apr 2014 14:06:12 +0000 (16:06 +0200)
committerDietmar Maurer <dietmar@proxmox.com>
Thu, 3 Apr 2014 05:31:57 +0000 (07:31 +0200)
commitba791b1f670d2d02d981b28a6e52f056906e18f2
tree3b02278aebbc1a2a061399600c567b79158fa44atree
parent68c90e210e53b10f63b47da62c06507afc68ef6ecommit | diff
implemented ipset rules in iptables

I'm reusing shorewall syntax,  +mynetgroup

also fixing iprange and iplist

vmid.fw
-------
IN SSH(ACCEPT) net0 192.168.2.192  # only allow SSH from  192.168.2.192
IN SSH(ACCEPT) net0 10.0.0.1-10.0.0.10 #accept SSH for ip in range 10.0.0.1 to 10.0.0.10
IN SSH(ACCEPT) net0 10.0.0.1,10.0.0.2,10.0.0.3 #accept ssh for 10.0.0.1 or 10.0.0.2 or 10.0.0.3
IN SSH(ACCEPT) net0 +mynetgroup   #accept ssh for netgroup mynetgroup

cluster.fw
----------
IN  ACCEPT 10.0.0.1
IN  ACCEPT 10.0.0.1-10.0.0.10
IN  ACCEPT 10.0.0.1,10.0.0.2,10.0.0.3
IN  ACCEPT +mynetgroup

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
example/100.fw diff | blob | blame | history
example/cluster.fw diff | blob | blame | history
src/PVE/Firewall.pm diff | blob | blame | history
Firewall test scripts