also allow VNC and SPICE traffic inside cluster_network

author Dietmar Maurer <dietmar@proxmox.com>

Tue, 20 May 2014 05:34:35 +0000 (07:34 +0200)

committer Dietmar Maurer <dietmar@proxmox.com>

Tue, 20 May 2014 05:34:35 +0000 (07:34 +0200)
author Dietmar Maurer <dietmar@proxmox.com>
Tue, 20 May 2014 05:34:35 +0000 (07:34 +0200)
committer Dietmar Maurer <dietmar@proxmox.com>
Tue, 20 May 2014 05:34:35 +0000 (07:34 +0200)
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm

index cee6a22518057fc89b2a45f54c0b852816b34127..9b0e299d76ad11e04a217999d978043e8c42855b 100644 (file)
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -1750,6 +1750,8 @@ sub enable_host_firewall {
      if ($clusternet) {
         ruleset_addrule($ruleset, $chain, "-d $clusternet -p tcp --dport 8006 -j $accept_action");  # PVE API
         ruleset_addrule($ruleset, $chain, "-d $clusternet -p tcp --dport 22 -j $accept_action");  # SSH
+       ruleset_addrule($ruleset, $chain, "-d $clusternet -p tcp --dport 5900:5999 -j $accept_action");  # PVE VNC Console 
+       ruleset_addrule($ruleset, $chain, "-d $clusternet -p tcp --dport 3128 -j $accept_action");  # SPICE Proxy
   
         my $corosync_rule = "-p udp -m conntrack --ctstate NEW --dport 5404:5405 -j $accept_action";
         ruleset_addrule($ruleset, $chain, "-d $clusternet $corosync_rule");
author	Dietmar Maurer <dietmar@proxmox.com>
	Tue, 20 May 2014 05:34:35 +0000 (07:34 +0200)
committer	Dietmar Maurer <dietmar@proxmox.com>
	Tue, 20 May 2014 05:34:35 +0000 (07:34 +0200)