Experimental software, only used for testing.

Note: you need to change values in /etc/sysctl.d/pve.conf to:

net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-arptables = 1
net.bridge.bridge-nf-filter-vlan-tagged = 1

and reboot after that change.
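
Added example (not part of the pve-firewall code): a pre-flight check that
the four keys above are set to 1 in /etc/sysctl.d/pve.conf. The function
names and the return code 99 for an unreadable file are assumptions of this
example; it reads only the file, not the live kernel values.

```shell
#!/bin/sh
# Added example: verify the bridge netfilter settings the README requires.
# The default path is the one named in the README; function names are
# hypothetical and not part of pvefw.

REQUIRED_KEYS="net.bridge.bridge-nf-call-ip6tables
net.bridge.bridge-nf-call-iptables
net.bridge.bridge-nf-call-arptables
net.bridge.bridge-nf-filter-vlan-tagged"

# Print the effective value of key $2 in sysctl file $1. Lines starting
# with # or ; are comments; a later assignment overrides an earlier one.
# Prints nothing if the key is not set.
sysctl_file_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# Check file $1 (default /etc/sysctl.d/pve.conf). Prints one line per
# problem and returns the number of required keys not set to 1
# (99 if the file cannot be read).
check_pve_sysctl() {
    conf="${1:-/etc/sysctl.d/pve.conf}"
    bad=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 99; }
    for key in $REQUIRED_KEYS; do
        val=$(sysctl_file_value "$conf" "$key")
        if [ "$val" != "1" ]; then
            echo "$key: expected 1, found '${val:-unset}'"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}
```

Source the file and run check_pve_sysctl before ./pvefw start; a return
value of 0 means all four keys are set as required.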


VM firewall rules are read from /etc/pve/firewall/<VMID>.fw

You can find examples in the example/ dir

Note: All commands overwrite /etc/shorewall/, so don't use them if you have
an existing shorewall config you want to keep.

Use the following command to generate shorewall configuration:

./pvefw compile

To compile and start the firewall:

./pvefw start

To compile and restart the firewall:

./pvefw restart

To stop the firewall:

./pvefw stop

To clear all iptables rules:

./pvefw clear