mirror of
https://git.proxmox.com/git/pve-firewall
synced 2025-08-16 04:23:08 +00:00
29e5ce1536
For now without integer to full-name, and vice versa, mapping of ICMP types. Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
61 lines
3.1 KiB
Plaintext
61 lines
3.1 KiB
Plaintext
{ from => 'ct200', to => 'host', dport => 22, action => 'ACCEPT' }
|
|
{ from => 'ct200', to => 'host', dport => 23, action => 'DROP' }
|
|
|
|
{ from => 'vm100', to => 'host', dport => 22, action => 'ACCEPT' }
|
|
|
|
{ from => 'host' , to => 'ct200', dport => 80, action => 'DROP' }
|
|
{ from => 'host' , to => 'ct200', dport => 22, action => 'ACCEPT' }
|
|
|
|
{ from => 'host' , to => 'vm100', dport => 80, action => 'DROP' }
|
|
|
|
{ from => 'ct200' , to => 'vm100', dport => 80, action => 'DROP' }
|
|
|
|
{ from => 'vm100' , to => 'ct200', dport => 22, action => 'ACCEPT' }
|
|
|
|
{ from => 'vm101', to => 'vm100', dport => 22, action => 'DROP' }
|
|
{ from => 'vm101', to => 'vm100', dport => 443, action => 'ACCEPT', id => 'vm2vm'}
|
|
|
|
{ from => 'ct201', to => 'ct200', dport => 22, action => 'ACCEPT' }
|
|
{ from => 'ct201', to => 'ct200', dport => 23, action => 'DROP' }
|
|
|
|
{ from => 'vm110', to => 'vm100', dport => 22, action => 'DROP' }
|
|
{ from => 'vm110', to => 'vm100', dport => 443, action => 'ACCEPT' }
|
|
|
|
{ from => 'vm110', to => 'vm100', dport => 0, proto => 'icmp', action => 'ACCEPT' }
|
|
{ from => 'vm110', to => 'vm100', dport => 'host-unreachable', proto => 'icmp', action => 'ACCEPT' }
|
|
{ from => 'vm110', to => 'vm100', dport => 255, proto => 'icmpv6', action => 'DROP' }
|
|
|
|
{ from => 'outside', to => 'ct200', dport => 22, action => 'ACCEPT' }
|
|
{ from => 'outside', to => 'ct200', dport => 23, action => 'DROP' }
|
|
{ from => 'outside', to => 'vm100', dport => 22, action => 'DROP' }
|
|
{ from => 'outside', to => 'vm100', dport => 443, action => 'ACCEPT' }
|
|
{ from => 'outside', to => 'host', dport => 22, action => 'ACCEPT' }
|
|
{ from => 'outside', to => 'host', dport => 23, action => 'DROP' }
|
|
|
|
{ from => 'host' , to => 'outside', dport => 80, action => 'ACCEPT'}
|
|
{ from => 'host' , to => 'outside', dport => 81, action => 'REJECT' }
|
|
{ from => 'vm100' , to => 'outside', dport => 80, action => 'ACCEPT' }
|
|
{ from => 'vm100' , to => 'outside', dport => 81, action => 'REJECT' }
|
|
{ from => 'ct200' , to => 'outside', dport => 80, action => 'ACCEPT' }
|
|
{ from => 'ct200' , to => 'outside', dport => 81, action => 'REJECT' }
|
|
|
|
{ from => 'outside', to => 'host', dport => 100, action => 'REJECT' }
|
|
{ from => 'outside', to => 'host', dport => 101, action => 'DROP' }
|
|
|
|
{ from => 'nfvm', to => 'host', dport => 22, action => 'ACCEPT' }
|
|
{ from => 'nfvm', to => 'host', dport => 80, action => 'DROP' }
|
|
{ from => 'nfvm', to => 'outside', dport => 22, action => 'ACCEPT' }
|
|
{ from => 'nfvm', to => 'outside', dport => 80, action => 'ACCEPT' }
|
|
{ from => 'nfvm', to => 'vm100', dport => 443, action => 'ACCEPT', id => 'nfw2vm'}
|
|
{ from => 'nfvm', to => 'vm100', dport => 80, action => 'DROP' }
|
|
{ from => 'nfvm', to => 'ct200', dport => 22, action => 'ACCEPT' }
|
|
{ from => 'nfvm', to => 'ct200', dport => 80, action => 'DROP' }
|
|
|
|
{ from => 'ct200', to => 'nfvm', dport => 80, action => 'ACCEPT' }
|
|
{ from => 'vm100', to => 'nfvm', dport => 80, action => 'ACCEPT' }
|
|
{ from => 'outside', to => 'nfvm', dport => 80, action => 'ACCEPT' }
|
|
{ from => 'host', to => 'nfvm', dport => 80, action => 'ACCEPT' }
|
|
|
|
{ from => 'vmbr0/eth0', to => 'host', dport => 22, action => 'ACCEPT' }
|
|
{ from => 'host' , to => 'vmbr0/eth0', dport => 22, action => 'ACCEPT' }
|