# Filters / Access Control List # Use this file to set up more complex access control lists. # Use tabs or single space to separate # # # # Direction: Required ( IN | OUT ) # Action: Required (ACCEPT | DROP) # Interface: Optional ( interface name, aka eth0 ) # Src Address: Optional ( source of traffic ) # Src Port: Optional ( source port, 1 - 65535, Requires Protocol ) # Dst Address: Optional ( destination of traffic ) # Dst Port: Optional ( destination port, 1 - 65535, Requires Protocol ) # Protocol: Optional, Required if port is specified ( tcp | udp ) # Syn: Optional, only match (not) syn packets (syn | notsyn ) # State: Optional, set the connection tracking states ( comma separated list ) # Custom: Optional, set custom section after the source/dest and before ACCEPT/DROP # # You can use '-' for optional fields #============================================================ # #IN ACCEPT eth0 10.0.0.1 22 - - tcp - #IN DROP - - - - 22 tcp syn #IN ACCEPT eth0 192.168.0.0/24 - 192.168.1.0/24 - - - -m policy --dir in --pol ipsec --proto esp