-Experimental software, only used for testing
\ No newline at end of file
+Experimental software, only used for testing.
+
+VM firewall rules are read from /etc/pve/firewall/<VMID>.fw
+
+You can find examples in the example/ dir
+
+Use the following command to generate shorewall configuration:
+
+./pvefw compile
+
+That command overwrites /etc/shorewall/, so don't use if you have
+and existing shorewall config you want to keep.
+
+++ /dev/null
-# Example VM firewall configuration
-#ACTION IFACE SOURCE DEST
-
-[IN]
-
-SSH(ACCEPT) net0 192.168.2.192 -
-
-[OUT]
-
-
-DNS(ACCEPT) net0
-Ping(ACCEPT) net0
-SSH(ACCEPT)
-
-
-
--- /dev/null
+# Example VM firewall configuration
+#ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT
+
+# ACTION: shorewall action
+# IFACE: vm network interface (net0 - net5), or '-' for all interfaces
+# SOURCE: source IP address, or '-' for any source
+# DEST: dest IP address, or '-' for any destination address
+# PROTO: see /etc/protocols
+# D-PORT: destination port
+# S-PORT: source port
+
+[IN]
+
+SSH(ACCEPT) net0 192.168.2.192 -
+
+[OUT]
+
+
+DNS(ACCEPT) net0
+Ping(ACCEPT) net0
+SSH(ACCEPT)
+
+
+