asciidoc: introduce `pricing-url` variable, much like pmg-docs

[pve-docs.git] / pve-firewall.adoc

diff --git a/pve-firewall.adoc b/pve-firewall.adoc
index b759b9126b7f453dbd2cd5c71d3267e96e36fd0f..a5e40f9606501e93ad47369ad7bdf1804c7c5dc3 100644 (file)
--- a/pve-firewall.adoc
+++ b/pve-firewall.adoc
@@ -324,7 +324,7 @@ Standard IP set `management`
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 This IP set applies only to host firewalls (not VM firewalls).  Those
-IPs are allowed to do normal management tasks (PVE GUI, VNC, SPICE,
+IPs are allowed to do normal management tasks ({PVE} GUI, VNC, SPICE,
 SSH).
 
 The local cluster network is automatically added to this IP set (alias
@@ -426,7 +426,7 @@ following traffic is still allowed for all {pve} hosts in the cluster:
 * TCP traffic from management hosts to port 3128 for connections to the SPICE
   proxy
 * TCP traffic from management hosts to port 22 to allow ssh access
-* UDP traffic in the cluster network to port 5404 and 5405 for corosync
+* UDP traffic in the cluster network to ports 5405-5412 for corosync
 * UDP multicast traffic in the cluster network
 * ICMP traffic type 3 (Destination Unreachable), 4 (congestion control) or 11
   (Time Exceeded)
@@ -435,7 +435,7 @@ The following traffic is dropped, but not logged even with logging enabled:
 
 * TCP connections with invalid connection state
 * Broadcast, multicast and anycast traffic not related to corosync, i.e., not
-  coming through port 5404 or 5405
+  coming through ports 5405-5412
 * TCP traffic to port 43
 * UDP traffic to ports 135 and 445
 * UDP traffic to the port range 137 to 139
@@ -457,7 +457,7 @@ Please inspect the output of the
 
 system command to see the firewall chains and rules active on your system.
 This output is also included in a `System Report`, accessible over a node's
-subscription tab in the web GUI, or through the `pvereport` command line tool.
+subscription tab in the web GUI, or through the `pvereport` command-line tool.
 
 VM/CT incoming/outgoing DROP/REJECT
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -521,7 +521,7 @@ This allows to log in a fine grained manner and independent of the log-level
 defined for the standard rules in *Firewall* -> *Options*.
 
 While the `loglevel` for each individual rule can be defined or changed easily
-in the WebUI during creation or modification of the rule, it is possible to set
+in the web UI during creation or modification of the rule, it is possible to set
 this also via the corresponding `pvesh` API calls.
 
 Further, the log-level can also be set via the firewall configuration file by
@@ -562,7 +562,7 @@ and add `ip_conntrack_ftp` to `/etc/modules` (so that it works after a reboot).
 Suricata IPS integration
 ~~~~~~~~~~~~~~~~~~~~~~~~
 
-If you want to use the https://suricata-ids.org/[Suricata IPS]
+If you want to use the https://suricata.io/[Suricata IPS]
 (Intrusion Prevention System), it's possible.
 
 Packets will be forwarded to the IPS only after the firewall ACCEPTed
@@ -634,7 +634,7 @@ Ports used by {pve}
 * sshd (used for cluster actions): 22 (TCP)
 * rpcbind: 111 (UDP)
 * sendmail: 25 (TCP, outgoing)
-* corosync cluster traffic: 5404, 5405 UDP
+* corosync cluster traffic: 5405-5412 UDP
 * live migration (VM memory and local-disk data): 60000-60050 (TCP)
 
 ifdef::manvolnum[]