SRFirewall/etc/ipv6/acl.conf

25 lines
1.3 KiB
Plaintext

# Filters / Access Control List
# Use this file to set up more complex access control lists.
# Use tabs or single space to separate
#
# <direction> <action> <interface> <src-address> <src-port> <dst-address> <dst-port> <protocol> <syn> <state> <custom>
#
# Direction: Required ( IN | OUT )
# Action: Required (ACCEPT | DROP)
# Interface: Optional ( interface name, aka eth0 )
# Src Address: Optional ( source of traffic )
# Src Port: Optional ( source port, 1 - 65535, Requires Protocol )
# Dst Address: Optional ( destination of traffic )
# Dst Port: Optional ( destination port, 1 - 65535, Requires Protocol )
# Protocol: Optional, Required if port is specified ( tcp | udp )
# Syn: Optional, only match (not) syn packets (syn | notsyn )
# State: Optional, set the connection tracking states ( comma separated list )
# Custom: Optional, set custom section after the source/dest and before ACCEPT/DROP
#
# You can use '-' for optional fields
#============================================================
#<dir> <action> <interface> <src-address> <src-port> <dst-address> <dst-port> <protocol> <syn> <state> <custom>
#IN ACCEPT eth0 2002:dead:beef::/64 22 - - tcp -
#IN DROP - - - - 22 tcp syn
#IN ACCEPT eth0 2002:dead:beef::/64 - 2002:dead:bfff::/64 - - - -m policy --dir in --pol ipsec --proto esp