[pve-docs.git] / pve-firewall-rules-opts.adoc

`--dest` `<string>` ::

Restrict packet destination address. This can refer to a single IP address, an IP set ('+ipsetname') or an IP alias definition. You can also specify an address range like '20.34.101.207-201.3.9.99', or a list of IP addresses and networks (entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists.

`--dport` `<string>` ::

Restrict TCP/UDP destination port. You can use service names or simple numbers (0-65535), as defined in '/etc/services'. Port ranges can be specified with '\d+:\d+', for example '80:85', and you can use comma separated list to match several ports or ranges.

`--icmp-type` `<string>` ::

Specify icmp-type. Only valid if proto equals 'icmp'.

`--iface` `<string>` ::

Network interface name. You have to use network configuration key names for VMs and containers ('net\d+'). Host related rules can use arbitrary strings.

`--log` `<alert | crit | debug | emerg | err | info | nolog | notice | warning>` ::

Log level for firewall rule.

`--proto` `<string>` ::

IP protocol. You can use protocol names ('tcp'/'udp') or simple numbers, as defined in '/etc/protocols'.

`--source` `<string>` ::

Restrict packet source address. This can refer to a single IP address, an IP set ('+ipsetname') or an IP alias definition. You can also specify an address range like '20.34.101.207-201.3.9.99', or a list of IP addresses and networks (entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists.

`--sport` `<string>` ::

Restrict TCP/UDP source port. You can use service names or simple numbers (0-65535), as defined in '/etc/services'. Port ranges can be specified with '\d+:\d+', for example '80:85', and you can use comma separated list to match several ports or ranges.
Commit	Line	Data
2489d6df	1	`--dest` `<string>` ::
696fb448	2
de0983cb	3	Restrict packet destination address. This can refer to a single IP address, an IP set ('+ipsetname') or an IP alias definition. You can also specify an address range like '20.34.101.207-201.3.9.99', or a list of IP addresses and networks (entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists.
696fb448	4
2489d6df	5	`--dport` `<string>` ::
696fb448	6
de0983cb	7	Restrict TCP/UDP destination port. You can use service names or simple numbers (0-65535), as defined in '/etc/services'. Port ranges can be specified with '\d+:\d+', for example '80:85', and you can use comma separated list to match several ports or ranges.
696fb448	8
4772952b TL	9	`--icmp-type` `<string>` ::
	10
	11	Specify icmp-type. Only valid if proto equals 'icmp'.
	12
2489d6df	13	`--iface` `<string>` ::
696fb448	14
de0983cb	15	Network interface name. You have to use network configuration key names for VMs and containers ('net\d+'). Host related rules can use arbitrary strings.
696fb448	16
95895385 TL	17	`--log` `<alert \| crit \| debug \| emerg \| err \| info \| nolog \| notice \| warning>` ::
	18
	19	Log level for firewall rule.
	20
2489d6df	21	`--proto` `<string>` ::
696fb448	22
de0983cb	23	IP protocol. You can use protocol names ('tcp'/'udp') or simple numbers, as defined in '/etc/protocols'.
696fb448	24
2489d6df	25	`--source` `<string>` ::
696fb448	26
de0983cb	27	Restrict packet source address. This can refer to a single IP address, an IP set ('+ipsetname') or an IP alias definition. You can also specify an address range like '20.34.101.207-201.3.9.99', or a list of IP addresses and networks (entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists.
696fb448	28
2489d6df	29	`--sport` `<string>` ::
696fb448	30
de0983cb	31	Restrict TCP/UDP source port. You can use service names or simple numbers (0-65535), as defined in '/etc/services'. Port ranges can be specified with '\d+:\d+', for example '80:85', and you can use comma separated list to match several ports or ranges.
696fb448	32