I'm reusing shorewall syntax, +mynetgroup
also fixing iprange and iplist
vmid.fw
-------
IN SSH(ACCEPT) net0 192.168.2.192 # only allow SSH from 192.168.2.192
IN SSH(ACCEPT) net0 10.0.0.1-10.0.0.10 #accept SSH for ip in range 10.0.0.1 to 10.0.0.10
IN SSH(ACCEPT) net0 10.0.0.1,10.0.0.2,10.0.0.3 #accept ssh for 10.0.0.1 or 10.0.0.2 or 10.0.0.3
IN SSH(ACCEPT) net0 +mynetgroup #accept ssh for netgroup mynetgroup
cluster.fw
----------
IN ACCEPT 10.0.0.1
IN ACCEPT 10.0.0.1-10.0.0.10
IN ACCEPT 10.0.0.1,10.0.0.2,10.0.0.3
IN ACCEPT +mynetgroup
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
projects / pve-firewall.git / commitdiff