cert management: move some headings a level up for better visibility

[pve-docs.git] / pve-firewall.adoc

diff --git a/pve-firewall.adoc b/pve-firewall.adoc
index 2bcdf6e0c93e95d7c421598e2e3b1188d215c5e7..7089778ccf86e304e8adb987fa370fae6bac5750 100644 (file)
--- a/pve-firewall.adoc
+++ b/pve-firewall.adoc
@@ -465,7 +465,7 @@ VM/CT incoming/outgoing DROP/REJECT
 This drops or rejects all the traffic to the VMs, with some exceptions for
 DHCP, NDP, Router Advertisement, MAC and IP filtering depending on the set
 configuration.  The same rules for dropping/rejecting packets are inherited
-from the datacenter, while the exceptions for accepted incomming/outgoing
+from the datacenter, while the exceptions for accepted incoming/outgoing
 traffic of the host do not apply.
 
 Again, you can use xref:pve_firewall_iptables_inspect[iptables-save (see above)]
@@ -628,13 +628,14 @@ corresponding link local addresses.  (See the
 Ports used by {pve}
 -------------------
 
-* Web interface: 8006
-* VNC Web console: 5900-5999
-* SPICE proxy: 3128
-* sshd (used for cluster actions): 22
-* rpcbind: 111
-* corosync multicast (if you run a cluster): 5404, 5405 UDP
-
+* Web interface: 8006 (TCP, HTTP/1.1 over TLS)
+* VNC Web console: 5900-5999 (TCP, WebSocket)
+* SPICE proxy: 3128 (TCP)
+* sshd (used for cluster actions): 22 (TCP)
+* rpcbind: 111 (UDP)
+* sendmail: 25 (TCP, outgoing)
+* corosync cluster traffic: 5404, 5405 UDP
+* live migration (VM memory and local-disk data): 60000-60050 (TCP)
 
 ifdef::manvolnum[]