rules: allow connections on port range 60000:60050 in management network for migration

author Christian Ebner <c.ebner@proxmox.com>

Mon, 2 Dec 2019 15:55:57 +0000 (16:55 +0100)

committer Thomas Lamprecht <t.lamprecht@proxmox.com>

Tue, 3 Dec 2019 05:15:37 +0000 (06:15 +0100)
author Christian Ebner <c.ebner@proxmox.com>
Mon, 2 Dec 2019 15:55:57 +0000 (16:55 +0100)
committer Thomas Lamprecht <t.lamprecht@proxmox.com>
Tue, 3 Dec 2019 05:15:37 +0000 (06:15 +0100)
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm

index db16e0fb62b2538ffa7e5689664128065530749d..ae67bcd0b70be577c311efb5089a43059a906d8c 100644 (file)
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -2505,6 +2505,7 @@ sub enable_host_firewall {
      ruleset_addrule($ruleset, $chain, "$mngmntsrc -p tcp --dport 5900:5999", "-j $accept_action");  # PVE VNC Console
      ruleset_addrule($ruleset, $chain, "$mngmntsrc -p tcp --dport 3128", "-j $accept_action");  # SPICE Proxy
      ruleset_addrule($ruleset, $chain, "$mngmntsrc -p tcp --dport 22", "-j $accept_action");  # SSH
+    ruleset_addrule($ruleset, $chain, "$mngmntsrc -p tcp --dport 60000:60050", "-j $accept_action");  # Migration
  
      # corosync inbound rules
      if (defined($corosync_conf)) {
author	Christian Ebner <c.ebner@proxmox.com>
	Mon, 2 Dec 2019 15:55:57 +0000 (16:55 +0100)
committer	Thomas Lamprecht <t.lamprecht@proxmox.com>
	Tue, 3 Dec 2019 05:15:37 +0000 (06:15 +0100)