+[[chapter_pve_firewall]]
ifdef::manvolnum[]
pve-firewall(8)
===============
-include::attributes.txt[]
:pve-toplevel:
NAME
DESCRIPTION
-----------
endif::manvolnum[]
-
ifndef::manvolnum[]
{pve} Firewall
==============
-include::attributes.txt[]
+:pve-toplevel:
endif::manvolnum[]
ifdef::wiki[]
-:pve-toplevel:
:title: Firewall
endif::wiki[]
name enclosed in `[` and `]`.
+[[pve_firewall_cluster_wide_setup]]
Cluster Wide Setup
~~~~~~~~~~~~~~~~~~
firewall rules to access the GUI from remote.
+[[pve_firewall_host_specific_configuration]]
Host Specific Configuration
~~~~~~~~~~~~~~~~~~~~~~~~~~~
VM/Container Configuration
~~~~~~~~~~~~~~~~~~~~~~~~~~
-VM firewall configuration is read xref:vm_container_configuration[AAA] from:
+VM firewall configuration is read from:
/etc/pve/firewall/<VMID>.fw
----
+[[pve_firewall_security_groups]]
Security Groups
---------------
----
-[[ipfilter-section]]
+[[pve_firewall_ipfilter_section]]
Standard IP set `ipfilter-net*`
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(`ipfilter: 1`) option which can be enabled which has the same effect as adding
an `ipfilter-net*` ipset for each of the VM's network interfaces containing the
corresponding link local addresses. (See the
-<<ipfilter-section,Standard IP set `ipfilter-net*`>> section for details.)
+<<pve_firewall_ipfilter_section,Standard IP set `ipfilter-net*`>> section for details.)
Ports used by {pve}