From: Dietmar Maurer
Date: Fri, 10 Aug 2012 09:52:46 +0000 (+0200)
Subject: better documentation
X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff_plain;h=ec6b110036c2ea5876100344ad74883693b3888f;ds=sidebyside
better documentation
---
diff --git a/README b/README
index 03d2d2c..b9a9da7 100644
--- a/README
+++ b/README
@@ -1 +1,13 @@
-Experimental software, only used for testing
\ No newline at end of file
+Experimental software, only used for testing.
+
+VM firewall rules are read from /etc/pve/firewall/.fw
+
+You can find examples in the example/ dir
+
+Use the following command to generate shorewall configuration:
+
+./pvefw compile
+
+That command overwrites /etc/shorewall/, so don't use if you have
+and existing shorewall config you want to keep.
+
diff --git a/config/100.fw b/config/100.fw
deleted file mode 100644
index 889a101..0000000
--- a/config/100.fw
+++ /dev/null
@@ -1,16 +0,0 @@
-# Example VM firewall configuration
-#ACTION IFACE SOURCE DEST
-
-[IN]
-
-SSH(ACCEPT) net0 192.168.2.192 -
-
-[OUT]
-
-
-DNS(ACCEPT) net0
-Ping(ACCEPT) net0
-SSH(ACCEPT)
-
-
-
diff --git a/example/100.fw b/example/100.fw
new file mode 100644
index 0000000..94ab2a6
--- /dev/null
+++ b/example/100.fw
@@ -0,0 +1,24 @@
+# Example VM firewall configuration
+#ACTION IFACE SOURCE DEST PROTO D-PORT S-PORT
+
+# ACTION: shorewall action
+# IFACE: vm network interface (net0 - net5), or '-' for all interfaces
+# SOURCE: source IP address, or '-' for any source
+# DEST: dest IP address, or '-' for any destination address
+# PROTO: see /etc/protocols
+# D-PORT: destination port
+# S-PORT: source port
+
+[IN]
+
+SSH(ACCEPT) net0 192.168.2.192 -
+
+[OUT]
+
+
+DNS(ACCEPT) net0
+Ping(ACCEPT) net0
+SSH(ACCEPT)
+
+
+
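Review bot: The column legend added to example/100.fw does not say what an omitted trailing column means, yet the sample rules depend on exactly that: `SSH(ACCEPT)` under `[OUT]` gives no IFACE, SOURCE or DEST, and the `[IN]` rule stops after DEST. In a firewall example a reader should not have to guess whether a missing field matches everything, so I would add a comment such as `# Omitted trailing columns are treated like '-' (match any)` to the legend. That wording assumes the parser behaves this way, which this diff does not show; the alternative is to write the `-` placeholders out in each rule. It would also help to mark `192.168.2.192` as a sample address that must be replaced before the file is copied into /etc/pve/firewall/.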