From d562837827f00527f755354e0ec6e29778f0dcc7 Mon Sep 17 00:00:00 2001
From: Dietmar Maurer
Date: Thu, 12 Jun 2014 08:36:05 +0200
Subject: [PATCH] add example for ipfilter ipset
---
 debian/example/100.fw | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/debian/example/100.fw b/debian/example/100.fw
index dffd144..8869023 100644
--- a/debian/example/100.fw
+++ b/debian/example/100.fw
@@ -29,6 +29,8 @@ ips: 1
 #ips_queues: 0
 ips_queues: 0:3
+[IPSET ipfilter-net0] # only allow specified IPs on net0
+192.168.2.10
 [RULES]
@@ -45,7 +47,7 @@ IN SSH(ACCEPT) -i net0 # a comment
 IN SSH(ACCEPT) -i net0 -source 192.168.2.192 # only allow SSH from 192.168.2.192
 IN SSH(ACCEPT) -i net0 -source 10.0.0.1-10.0.0.10 #accept SSH for ip in range 10.0.0.1 to 10.0.0.10
 IN SSH(ACCEPT) -i net0 -source 10.0.0.1,10.0.0.2,10.0.0.3 #accept ssh for 10.0.0.1 or 10.0.0.2 or 10.0.0.3
-IN SSH(ACCEPT) -i net0 -source +mynetgroup #accept ssh for netgroup mynetgroup
+IN SSH(ACCEPT) -i net0 -source +mynetgroup #accept ssh for ipset mynetgroup
 IN SSH(ACCEPT) -i net0 -source myserveralias #accept ssh for alias myserveralias
 |IN SSH(ACCEPT) -i net0 # disabled rule
-- 
2.39.2
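Review bot: The comment on the added `[IPSET ipfilter-net0]` line in the first hunk, `# only allow specified IPs on net0`, does not say whose addresses are restricted, so it can be read as an inbound allow-list of peers rather than a limit on the addresses the guest itself may use. Going by the set name this looks like an anti-spoofing filter on the guest's own source IPs for net0, though the code that enforces it is not part of this patch; if that is right, I would write `# ipfilter: the guest may only send from these source IPs on net0 (anti-spoofing)`. The example should also state that defining the set presumably makes net0 deny-by-default for every address not listed, because copying the single entry `192.168.2.10` unchanged would cut off a guest that legitimately uses another address.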