From: Dietmar Maurer <dietmar@proxmox.com>
Date: Tue, 20 May 2014 05:34:35 +0000 (+0200)
Subject: also allow VNC and SPICE traffic inside cluster_network
X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff_plain;h=70cc0cba90732074723cde8f96b974f18e8fcfda

also allow VNC and SPICE traffic inside cluster_network
---

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index cee6a22..9b0e299 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -1750,6 +1750,8 @@ sub enable_host_firewall {
     if ($clusternet) {
 	ruleset_addrule($ruleset, $chain, "-d $clusternet -p tcp --dport 8006 -j $accept_action");  # PVE API
 	ruleset_addrule($ruleset, $chain, "-d $clusternet -p tcp --dport 22 -j $accept_action");  # SSH
+	ruleset_addrule($ruleset, $chain, "-d $clusternet -p tcp --dport 5900:5999 -j $accept_action");  # PVE VNC Console 
+	ruleset_addrule($ruleset, $chain, "-d $clusternet -p tcp --dport 3128 -j $accept_action");  # SPICE Proxy
  
 	my $corosync_rule = "-p udp -m conntrack --ctstate NEW --dport 5404:5405 -j $accept_action";
 	ruleset_addrule($ruleset, $chain, "-d $clusternet $corosync_rule");