[pve-devel] [PATCH 16/19] add ipv6 examples
Alexandre Derumier
aderumier at odiso.com
Wed Jul 16 01:14:32 CEST 2014
Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
---
debian/example/100.fw | 2 ++
debian/example/cluster.fw | 9 ++++++++-
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/debian/example/100.fw b/debian/example/100.fw
index 8869023..7a8da48 100644
--- a/debian/example/100.fw
+++ b/debian/example/100.fw
@@ -49,6 +49,8 @@ IN SSH(ACCEPT) -i net0 -source 10.0.0.1-10.0.0.10 #accept SSH for ip in range 10
IN SSH(ACCEPT) -i net0 -source 10.0.0.1,10.0.0.2,10.0.0.3 #accept ssh for 10.0.0.1 or 10.0.0.2 or 10.0.0.3
IN SSH(ACCEPT) -i net0 -source +mynetgroup #accept ssh for ipset mynetgroup
IN SSH(ACCEPT) -i net0 -source myserveralias #accept ssh for alias myserveralias
+IN SSH(ACCEPT) -i net0 -source FE80:0000:0000:0000:0202:B3FF:FE1E:8329
+IN ACCEPT -i net0 -p icmpv6
|IN SSH(ACCEPT) -i net0 # disabled rule
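Review bot: The two added rules carry no trailing `#` comment, unlike every neighbouring example, and `IN ACCEPT -i net0 -p icmpv6` admits every ICMPv6 type on net0 without saying so. Someone copying the example cannot tell whether that breadth is deliberate. I would annotate it, e.g. `#accept all icmpv6 (neighbor discovery depends on it); narrow this on exposed guests`. The SSH rule's source is a link-local address (FE80::/10), reachable only from the same segment, while cluster.fw uses the 2001:db8 documentation prefix. A comment such as `#accept ssh for one link-local ipv6 address` would make that choice explicit.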
diff --git a/debian/example/cluster.fw b/debian/example/cluster.fw
index daa9ef5..f0555e9 100644
--- a/debian/example/cluster.fw
+++ b/debian/example/cluster.fw
@@ -11,6 +11,9 @@ policy_out: ACCEPT
myserveralias 10.0.0.111
mynetworkalias 10.0.0.0/24
+myserveraliasipv6 2001:db8:0:85a3:0:0:ac1f:8001
+myserveraliasipv6short 2001:db8:0:85a3::ac1f:8001
+
[RULES]
@@ -29,7 +32,8 @@ IN ACCEPT -source 10.0.0.1-10.0.0.10
IN ACCEPT -source 10.0.0.1,10.0.0.2,10.0.0.3
IN ACCEPT -source +mynetgroup
IN ACCEPT -source myserveralias
-
+IN ACCEPT -source myserveraliasipv6
+IN ACCEPT -source 2001:db8:0:85a3:0:0:ac1f:8001
[ipset myipset]
@@ -38,9 +42,12 @@ IN ACCEPT -source myserveralias
192.168.0.0/24
! 10.0.0.0/8 #nomatch - needs kernel 3.7 or newer
mynetworkalias
+2001:db8:0:85a3::ac1f:8001
+2001:db8:0:85a3:0:0:ac1f:8002
#global ipset blacklist
[ipset blacklist]
10.0.0.8
192.168.0.0/24
+2001:db8:0:85a3:0:0:ac1f:8001
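Review bot: The address added to `[ipset blacklist]` is the same one that `myserveraliasipv6` points to and that the new `IN ACCEPT -source 2001:db8:0:85a3:0:0:ac1f:8001` rule accepts earlier in this file. The example therefore shows one host as both allowed and blacklisted, and nothing visible here says which takes effect. The IPv4 entries overlap in a similar way, so this may be intentional. If it is, a comment like `#blacklist is evaluated before the rules above` would help, once confirmed against the implementation. Otherwise use a distinct documentation address for the blacklist entry, for instance `2001:db8:0:85a3:0:0:ac1f:8003` (a constructed sample value).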
--
1.7.10.4