proxmox-mirrors/pve-docs
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-docs synced 2025-06-14 13:01:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

add auto-generated VM firewall options

Browse Source
This commit is contained in:
Dietmar Maurer 2016-04-01 12:51:41 +02:00
parent 888c41167a
commit 78ef35dc78
4 changed files with 77 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Makefile
View File

@ -3,7 +3,7 @@ RELEASE=4.1
PVESM_SOURCES=attributes.txt pvesm.adoc pvesm.1-synopsis.adoc $(shell ls pve-storage-*.adoc) PVESM_SOURCES=attributes.txt pvesm.adoc pvesm.1-synopsis.adoc $(shell ls pve-storage-*.adoc)
PVEUM_SOURCES=attributes.txt pveum.adoc pveum.1-synopsis.adoc PVEUM_SOURCES=attributes.txt pveum.adoc pveum.1-synopsis.adoc
VZDUMP_SOURCES=attributes.txt vzdump.adoc vzdump.1-synopsis.adoc VZDUMP_SOURCES=attributes.txt vzdump.adoc vzdump.1-synopsis.adoc
PVEFW_SOURCES=attributes.txt pve-firewall.adoc pve-firewall-rules-opts.adoc pve-firewall-cluster-opts.adoc pve-firewall-host-opts.adoc pve-firewall-macros.adoc pve-firewall.8-synopsis.adoc PVEFW_SOURCES=attributes.txt pve-firewall.adoc pve-firewall-rules-opts.adoc pve-firewall-cluster-opts.adoc pve-firewall-host-opts.adoc pve-firewall-vm-opts.adoc pve-firewall-macros.adoc pve-firewall.8-synopsis.adoc
QM_SOURCES=attributes.txt qm.adoc qm.1-synopsis.adoc QM_SOURCES=attributes.txt qm.adoc qm.1-synopsis.adoc
PCT_SOURCES=attributes.txt pct.adoc pct.1-synopsis.adoc PCT_SOURCES=attributes.txt pct.adoc pct.1-synopsis.adoc
PVEAM_SOURCES=attributes.txt pveam.adoc pveam.1-synopsis.adoc PVEAM_SOURCES=attributes.txt pveam.adoc pveam.1-synopsis.adoc
@ -87,6 +87,10 @@ pve-firewall-host-opts.adoc:
./gen-pve-firewall-host-opts.pl >$@.tmp ./gen-pve-firewall-host-opts.pl >$@.tmp
mv $@.tmp $@ mv $@.tmp $@
pve-firewall-vm-opts.adoc:
./gen-pve-firewall-vm-opts.pl >$@.tmp
mv $@.tmp $@
pve-firewall-rules-opts.adoc: pve-firewall-rules-opts.adoc:
./gen-pve-firewall-rules-opts-adoc.pl >$@.tmp ./gen-pve-firewall-rules-opts-adoc.pl >$@.tmp
mv $@.tmp $@ mv $@.tmp $@

11
gen-pve-firewall-vm-opts.pl Executable file
View File

@ -0,0 +1,11 @@
#!/usr/bin/perl
use strict;
use warnings;
use PVE::Firewall;
use PVE::RESTHandler;
my $prop = $PVE::Firewall::vm_option_properties;
print PVE::RESTHandler::dump_properties($prop);

44
pve-firewall-vm-opts.adoc Normal file
View File

@ -0,0 +1,44 @@
`dhcp`: `boolean` ::
Enable DHCP.
`enable`: `boolean` ::
Enable/disable firewall rules.
`ipfilter`: `boolean` ::
Enable default IP filters. This is equivalent to adding an empty
ipfilter-net<id> ipset for every interface. Such ipsets implicitly contain
sane default restrictions such as restricting IPv6 link local addresses to
the one derived from the interface's MAC address. For containers the
configured IP addresses will be implicitly added.
`log_level_in`: `(alert | crit | debug | emerg | err | info | nolog | notice | warning)` ::
Log level for incoming traffic.
`log_level_out`: `(alert | crit | debug | emerg | err | info | nolog | notice | warning)` ::
Log level for outgoing traffic.
`macfilter`: `boolean` ::
Enable/disable MAC address filter.
`ndp`: `boolean` ::
Enable NDP.
`policy_in`: `(ACCEPT | DROP | REJECT)` ::
Input policy.
`policy_out`: `(ACCEPT | DROP | REJECT)` ::
Output policy.
`radv`: `boolean` ::
Allow sending Router Advertisement.

21
pve-firewall.adoc
View File

@ -151,10 +151,23 @@ VM firewall configuration is read from:
and contains the following data: and contains the following data:
* IP set definitions '[OPTIONS]'::
* Alias definitions
* Firewall rules for this VM This is used to set VM/Container related firewall options.
* VM specific options
include::pve-firewall-vm-opts.adoc[]
'[RULES]'::
This sections contains VM/Container firewall rules.
'[IPSET <name>]'::
IP set definitions.
'[ALIASES]'::
IP Alias definitions.
Enabling the Firewall for VMs and Containers Enabling the Firewall for VMs and Containers