5.14.2. Sample rules

Example 5.34. Sample rule definitions

The following rule starts the service called MyPFService for every incoming TCP connection (proto=6).

Rule(proto=6,
    service='MyPFService'
    )

The following rule starts a service for TCP or UDP connections from the office zone.

Rule(proto=(6,17),
    src_zone='office',
    service='MyService'
    )

The following rule permits connections from the 192.168.0.0/16 IPv4 and the 2001:db8:c001:ba80::/58 IPv6 subnets. Note that since the src_subnet parameter has two values, they are specified as a Python tuple: ('value1','value2').

Rule(proto=6,
    src_subnet=('192.168.0.0/16', '2001:db8:c001:ba80::/58'),
    service='MyService'
    )

The following rule has almost every parameter set:

Rule(src_iface=('eth0', ),
    proto=6,
    dst_port=443,
    src_subnet=('192.168.10.0/24', ),
    src_zone=('office', ),
    dst_subnet=('192.168.50.50/32', ),
    dst_zone=('finance', ),
    service='MyHttpsService'
    )