Experimental software, only used for testing.

Note: you need to change values in /etc/sysctl.d/pve.conf to:

net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-arptables = 1
net.bridge.bridge-nf-filter-vlan-tagged = 1

and reboot after that change.


VM firewall rules are read from /etc/pve/firewall/<VMID>.fw

You can find examples in the example/ dir

Note: All commands overwrite /etc/shorewall/, so don't use them if you have
an existing shorewall config you want to keep.

Use the following command to generate shorewall configuration:

./pvefw compile

To compile and start the firewall:

./pvefw start

To compile and restart the firewall:

./pvefw restart

To stop the firewall:

./pvefw stop

To clear all iptables rules:

./pvefw clear
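
The sysctl note above matters because bridged VM traffic only passes through iptables, ip6tables and arptables when these keys are 1; with any of them at 0 the generated rules are silently skipped for that traffic. The following check is an added example, not part of pvefw: the function names are assumptions of this example, and it assumes the file uses dotted key names as shown in this README.

```shell
# Keys this README requires to be set to 1.
REQUIRED_KEYS="net.bridge.bridge-nf-call-ip6tables
net.bridge.bridge-nf-call-iptables
net.bridge.bridge-nf-call-arptables
net.bridge.bridge-nf-filter-vlan-tagged"

# Print the effective value of key $2 in sysctl.d-style file $1.
# Comment lines (# or ;) are skipped; the last assignment wins.
sysctl_conf_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# Return 0 if every required key is 1 in file $1.
# Otherwise print one line per offending key and return 1.
# Return 2 if the file cannot be read.
check_bridge_nf() {
    conf="$1"
    bad=0
    if [ ! -r "$conf" ]; then
        echo "cannot read $conf"
        return 2
    fi
    for key in $REQUIRED_KEYS; do
        val=$(sysctl_conf_value "$conf" "$key")
        if [ "$val" != "1" ]; then
            echo "$key = ${val:-unset} (expected 1)"
            bad=1
        fi
    done
    return $bad
}

# When run as a script with a path argument, check that file.
if [ -n "${1:-}" ]; then
    check_bridge_nf "$1"
fi
```

Run it against /etc/sysctl.d/pve.conf before ./pvefw start. It only checks the file, so the reboot mentioned above is still needed for the values to take effect.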