2014-04-05 11:26:08 -06:00
# Filters / Access Control List
# Use this file to set up more complex access control lists.
# Use tabs or a single space to separate fields
#
2014-04-12 17:05:33 -06:00
# <direction> <action> <interface> <src-address> <src-port> <dst-address> <dst-port> <protocol> <syn> <state>
2014-04-05 11:26:08 -06:00
#
# Direction: Required ( IN | OUT )
# Action: Required (ACCEPT | DROP)
# Interface: Optional ( interface name, e.g. eth0 )
# Src Address: Optional ( source of traffic )
# Src Port: Optional ( source port, 1 - 65535, Requires Protocol )
# Dst Address: Optional ( destination of traffic )
# Dst Port: Optional ( destination port, 1 - 65535, Requires Protocol )
# Protocol: Optional, Required if port is specified ( tcp | udp )
2014-04-12 12:32:12 -06:00
# Syn: Optional, only match (not) syn packets (syn | notsyn )
2014-04-12 17:05:33 -06:00
# State: Optional, set the connection tracking states ( comma separated list )
2014-04-05 11:26:08 -06:00
# You can use '-' for optional fields
#============================================================
2014-04-12 17:05:33 -06:00
#<dir> <action> <interface> <src-address> <src-port> <dst-address> <dst-port> <protocol> <syn> <state>
2014-04-12 12:32:12 -06:00
#IN ACCEPT eth0 10.0.0.1 22 - - tcp -
#IN DROP - - - - 22 tcp syn
2014-04-05 11:26:08 -06:00
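An added example, not part of this project's code: a small Python validator for the rule format documented in the header comments above, enforcing the required fields, the allowed keywords, the port range and the "port requires protocol" rule. It assumes fields split on any whitespace, that trailing optional fields may be omitted (as in the two commented sample rules) and that keywords are case-sensitive; `parse_rule`, `check` and `SAMPLE` are names made up here, and the sample rules are constructed.

```python
FIELDS = ["direction", "action", "interface", "src_address", "src_port",
          "dst_address", "dst_port", "protocol", "syn", "state"]
ALLOWED = {"direction": {"IN", "OUT"}, "action": {"ACCEPT", "DROP"},
           "protocol": {"tcp", "udp"}, "syn": {"syn", "notsyn"}}

# Constructed sample input; the fourth line gives a port without a protocol.
SAMPLE = """\
# <dir> <action> <interface> <src-address> <src-port> <dst-address> <dst-port> <protocol> <syn> <state>
IN ACCEPT eth0 10.0.0.1 22 - - tcp -
IN DROP - - - - 22 tcp syn
IN DROP - - - - 22 - -
OUT ACCEPT - - - - - - - NEW,ESTABLISHED
"""

def parse_rule(line):
    """Parse one rule line into a dict; return None for blanks and comments.
    Raises ValueError when a constraint from the file header is violated."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = line.split()  # assumption: any run of tabs/spaces separates fields
    if len(parts) > len(FIELDS):
        raise ValueError("too many fields")
    # Assumption: omitted trailing fields are treated like '-'.
    parts += ["-"] * (len(FIELDS) - len(parts))
    rule = {k: (None if v == "-" else v) for k, v in zip(FIELDS, parts)}
    for name in ("direction", "action"):
        if rule[name] is None:
            raise ValueError(f"{name} is required")
    for name, allowed in ALLOWED.items():
        if rule[name] is not None and rule[name] not in allowed:
            raise ValueError(f"{name} must be one of {sorted(allowed)}")
    for name in ("src_port", "dst_port"):
        port = rule[name]
        if port is None:
            continue
        if rule["protocol"] is None:
            raise ValueError(f"{name} requires a protocol")
        if not port.isdigit() or not 1 <= int(port) <= 65535:
            raise ValueError(f"{name} must be in 1-65535")
        rule[name] = int(port)
    if rule["state"] is not None:
        rule["state"] = rule["state"].split(",")  # comma separated list
    return rule

def check(text):
    """Return (line_number, message) for every invalid rule in text."""
    errors = []
    for n, line in enumerate(text.splitlines(), 1):
        try:
            parse_rule(line)
        except ValueError as exc:
            errors.append((n, str(exc)))
    return errors
```

Running `check` over a rules file before it is loaded catches a rule that would otherwise be skipped or misread, which in an ACL can mean a DROP that never takes effect.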