5.13.2. Sample rules

Example 5.36. Sample rule definitions
The following rule starts the service called `MyPFService` for every incoming TCP connection (`proto=6`). Rule(proto=6, service='MyPFService' ) The following rule starts a service for TCP or UDP connections from the `office` zone. Rule(proto=(6,17), src_zone='office', service='MyService' ) The following rule permits connections from the `192.168.0.0/16` IPv4 and the `2001:db8:c001:ba80::/58` IPv6 subnets. Note that since the `src_subnet` parameter has two values, they are specified as a Python tuple: `('value1','value2')`. Rule(proto=6, src_subnet=('192.168.0.0/16', '2001:db8:c001:ba80::/58'), service='MyService' ) The following rule has almost every parameter set: Rule(src_iface=('eth0', ), proto=6, dst_port=443, src_subnet=('192.168.10.0/24', ), src_zone=('office', ), dst_subnet=('192.168.50.50/32', ), dst_zone=('finance', ), service='MyHttpsService' )

Example 5.36. Sample rule definitions

The following rule starts the service called MyPFService for every incoming TCP connection (proto=6).

Rule(proto=6,
    service='MyPFService'
    )

The following rule starts a service for TCP or UDP connections from the office zone.

Rule(proto=(6,17),
    src_zone='office',
    service='MyService'
    )

The following rule permits connections from the 192.168.0.0/16 IPv4 and the 2001:db8:c001:ba80::/58 IPv6 subnets. Note that since the src_subnet parameter has two values, they are specified as a Python tuple: ('value1','value2').

Rule(proto=6,
    src_subnet=('192.168.0.0/16', '2001:db8:c001:ba80::/58'),
    service='MyService'
    )

The following rule has almost every parameter set:

Rule(src_iface=('eth0', ),
    proto=6,
    dst_port=443,
    src_subnet=('192.168.10.0/24', ),
    src_zone=('office', ),
    dst_subnet=('192.168.50.50/32', ),
    dst_zone=('finance', ),
    service='MyHttpsService'
    )

Previous	Up	Next
	Home

Zorp GPL 7 Reference Guide

5.13. Module Rule

5.13.2. Sample rules