cluster nodes, and the `pve-firewall` service updates the underlying
`iptables` rules automatically on changes.
-You can configure anything using the GUI (i.e. Datacenter -> Firewall,
-or on a Node -> Firewall), or you can edit the configuration files
+You can configure anything using the GUI (i.e. *Datacenter* -> *Firewall*,
+or on a *Node* -> *Firewall*), or you can edit the configuration files
directly using your preferred editor.
Firewall configuration files contains sections of key-value
be dropped.
For containers with configured IP addresses these sets, if they exist (or are
-activated via the general `IP Filter` option in the VM's firewall's 'options'
+activated via the general `IP Filter` option in the VM's firewall's *options*
tab), implicitly contain the associated IP addresses.
For both virtual machines and containers they also implicitly contain the
the interfaces which need it. This is also the case for other settings such as
`forwarding`, `accept_ra` or `autoconf`.
+
Here's a possible setup:
-----
-# /etc/sysconf.d/90-ipv6.conf
+.File `/etc/sysconf.d/90-ipv6.conf`
+----
net.ipv6.conf.default.forwarding = 0
net.ipv6.conf.default.proxy_ndp = 0
net.ipv6.conf.default.autoconf = 0
net.ipv6.conf.lo.disable_ipv6 = 0
----
+.File `/etc/network/interfaces`
----
-# /etc/network/interfaces
(...)
# Dual stack:
iface vmbr0 inet static