1 Experimental software, only used for testing.
3 Note: you need to change values in /etc/sysctl.d/pve.conf to:
5 net.bridge.bridge-nf-call-ip6tables = 1
6 net.bridge.bridge-nf-call-iptables = 1
7 net.bridge.bridge-nf-call-arptables = 1
8 net.bridge.bridge-nf-filter-vlan-tagged = 1
10 and reboot after that change.
13 VM firewall rules are read from /etc/pve/firewall/<VMID>.fw
15 You can find examples in the example/ dir
17 Note: All commands overwrites /etc/shorewall/, so don't use if you have
18 and existing shorewall config you want to keep.
20 Use the following command to generate shorewall configuration:
24 To compile and start the firewall:
28 To compile and restart the firewall:
36 To clear all iptable rules: