better documentation

diff --git a/README b/README
index 03d2d2c7e7b880041805a67b12da4929cdb1eef9..b9a9da7a08ddba0a46b5706355734b09d4faae60 100644 (file)
--- a/README
+++ b/README
@@ -1 +1,13 @@
-Experimental software, only used for testing
\ No newline at end of file
+Experimental software, only used for testing.
+
+VM firewall rules are read from /etc/pve/firewall/<VMID>.fw
+
+You can find examples in the example/ dir
+
+Use the following command to generate shorewall configuration:
+
+./pvefw compile
+
+That command overwrites /etc/shorewall/, so don't use if you have
+and existing shorewall config you want to keep.
+

diff --git a/config/100.fw b/config/100.fw
deleted file mode 100644 (file)
index 889a101..0000000
--- a/config/100.fw
+++ /dev/null
@@ -1,16 +0,0 @@
-# Example VM firewall configuration
-#ACTION IFACE SOURCE DEST
-
-[IN]
-
-SSH(ACCEPT) net0 192.168.2.192 -
-
-[OUT]
-
-
-DNS(ACCEPT) net0
-Ping(ACCEPT) net0
-SSH(ACCEPT)
-
-
-

diff --git a/example/100.fw b/example/100.fw
new file mode 100644 (file)
index 0000000..94ab2a6
--- /dev/null
+++ b/example/100.fw
@@ -0,0 +1,24 @@
+# Example VM firewall configuration
+#ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT
+
+# ACTION: shorewall action
+# IFACE: vm network interface (net0 - net5), or '-' for all interfaces
+# SOURCE: source IP address, or '-' for any source
+# DEST: dest IP address, or '-' for any destination address
+# PROTO: see /etc/protocols
+# D-PORT: destination port
+# S-PORT: source port
+
+[IN]
+
+SSH(ACCEPT) net0 192.168.2.192 -
+
+[OUT]
+
+
+DNS(ACCEPT) net0
+Ping(ACCEPT) net0
+SSH(ACCEPT)
+
+
+