use listings for file contents

[pve-docs.git] / pve-firewall.adoc

diff --git a/pve-firewall.adoc b/pve-firewall.adoc
index 5c8587748a06b9c3a54f850042a5919a77127320..fc74a92e5c110cd36b0027ae430f7810d0e9cbc3 100644 (file)
--- a/pve-firewall.adoc
+++ b/pve-firewall.adoc
@@ -67,8 +67,8 @@ file system. So those files are automatically distributed to all
 cluster nodes, and the `pve-firewall` service updates the underlying
 `iptables` rules automatically on changes.
 
-You can configure anything using the GUI (i.e. Datacenter -> Firewall,
-or on a Node -> Firewall), or you can edit the configuration files
+You can configure anything using the GUI (i.e. *Datacenter* -> *Firewall*,
+or on a *Node* -> *Firewall*), or you can edit the configuration files
 directly using your preferred editor.
 
 Firewall configuration files contains sections of key-value
@@ -362,7 +362,7 @@ with a source IP not matching its interface's corresponding ipfilter set will
 be dropped.
 
 For containers with configured IP addresses these sets, if they exist (or are
-activated via the general `IP Filter` option in the VM's firewall's 'options'
+activated via the general `IP Filter` option in the VM's firewall's *options*
 tab), implicitly contain the associated IP addresses.
 
 For both virtual machines and containers they also implicitly contain the
@@ -475,10 +475,11 @@ set it for the `default` interface configuration and enabling it explicitly on
 the interfaces which need it. This is also the case for other settings such as
 `forwarding`, `accept_ra` or `autoconf`.
 
+
 Here's a possible setup:
-----
-# /etc/sysconf.d/90-ipv6.conf
 
+.File `/etc/sysconf.d/90-ipv6.conf`
+----
 net.ipv6.conf.default.forwarding = 0
 net.ipv6.conf.default.proxy_ndp = 0
 net.ipv6.conf.default.autoconf = 0
@@ -488,8 +489,8 @@ net.ipv6.conf.default.accept_ra = 0
 net.ipv6.conf.lo.disable_ipv6 = 0
 ----
 
+.File `/etc/network/interfaces`
 ----
-# /etc/network/interfaces
 (...)
 # Dual stack:
 iface vmbr0 inet static