From: Alexandre Derumier <aderumier@odiso.com>
Date: Tue, 1 Apr 2014 14:06:12 +0000 (+0200)
Subject: implemented ipset rules in iptables
X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff_plain;h=ba791b1f670d2d02d981b28a6e52f056906e18f2;hp=ba791b1f670d2d02d981b28a6e52f056906e18f2

implemented ipset rules in iptables

I'm reusing shorewall syntax,  +mynetgroup

also fixing iprange and iplist

vmid.fw
-------
IN SSH(ACCEPT) net0 192.168.2.192  # only allow SSH from  192.168.2.192
IN SSH(ACCEPT) net0 10.0.0.1-10.0.0.10 #accept SSH for ip in range 10.0.0.1 to 10.0.0.10
IN SSH(ACCEPT) net0 10.0.0.1,10.0.0.2,10.0.0.3 #accept ssh for 10.0.0.1 or 10.0.0.2 or 10.0.0.3
IN SSH(ACCEPT) net0 +mynetgroup   #accept ssh for netgroup mynetgroup

cluster.fw
----------
IN  ACCEPT 10.0.0.1
IN  ACCEPT 10.0.0.1-10.0.0.10
IN  ACCEPT 10.0.0.1,10.0.0.2,10.0.0.3
IN  ACCEPT +mynetgroup

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---