
add auto-generated host firewall options

Dietmar Maurer 2016-04-01 12:45:24 +02:00
parent c48819d1d9
commit 888c41167a
4 changed files with 67 additions and 2 deletions


@ -3,7 +3,7 @@ RELEASE=4.1
PVESM_SOURCES=attributes.txt pvesm.adoc pvesm.1-synopsis.adoc $(shell ls pve-storage-*.adoc)
PVEUM_SOURCES=attributes.txt pveum.adoc pveum.1-synopsis.adoc
VZDUMP_SOURCES=attributes.txt vzdump.adoc vzdump.1-synopsis.adoc
PVEFW_SOURCES=attributes.txt pve-firewall.adoc pve-firewall-rules-opts.adoc pve-firewall-cluster-opts.adoc pve-firewall-macros.adoc pve-firewall.8-synopsis.adoc
PVEFW_SOURCES=attributes.txt pve-firewall.adoc pve-firewall-rules-opts.adoc pve-firewall-cluster-opts.adoc pve-firewall-host-opts.adoc pve-firewall-macros.adoc pve-firewall.8-synopsis.adoc
QM_SOURCES=attributes.txt qm.adoc qm.1-synopsis.adoc
PCT_SOURCES=attributes.txt pct.adoc pct.1-synopsis.adoc
PVEAM_SOURCES=attributes.txt pveam.adoc pveam.1-synopsis.adoc
@ -83,6 +83,10 @@ pve-firewall-cluster-opts.adoc:
./gen-pve-firewall-cluster-opts.pl >$@.tmp
mv $@.tmp $@
pve-firewall-host-opts.adoc:
./gen-pve-firewall-host-opts.pl >$@.tmp
mv $@.tmp $@
pve-firewall-rules-opts.adoc:
./gen-pve-firewall-rules-opts-adoc.pl >$@.tmp
mv $@.tmp $@
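Review bot: The new `pve-firewall-host-opts.adoc:` rule in the second hunk has no prerequisites, and this commit also checks in the generated file, so as long as that file exists make will treat the target as up to date and never rerun `./gen-pve-firewall-host-opts.pl`. The published host firewall options (for example the documented minimum for `nf_conntrack_max`) can then drift from what the installed PVE::Firewall accepts without anyone noticing. If regeneration is intended, list the generator as a prerequisite, `pve-firewall-host-opts.adoc: gen-pve-firewall-host-opts.pl`. If the checked-in copy is deliberate so the docs build without PVE::Firewall installed, a comment above the rule saying so would help. The neighbouring cluster-opts and rules-opts rules have the same shape, so the same remark applies to them.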

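--- a/gen-pve-firewall-host-opts.pl
+++ b/gen-pve-firewall-host-opts.pl
@@ -0,0 +1,11 @@
+#!/usr/bin/perl
+use strict;
+use warnings;
+use PVE::Firewall;
+use PVE::RESTHandler;
+my $prop = $PVE::Firewall::host_option_properties;
+print PVE::RESTHandler::dump_properties($prop);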
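Review bot: `$prop` is passed to `dump_properties` without checking that `$PVE::Firewall::host_option_properties` is defined, so on a build host whose PVE::Firewall does not provide that variable the script may print nothing and still exit 0 (how `dump_properties` treats undef is not visible here). The Makefile rule would then move an empty file into place and the host firewall options would silently vanish from the documentation. A guard after the assignment makes the failure loud: `die "PVE::Firewall::host_option_properties is not defined\n" if !defined($prop);`. A one-line header comment stating that the script emits the AsciiDoc option list included by pve-firewall.adoc would also help.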


@ -0,0 +1,40 @@
`enable`: `boolean` ::
Enable host firewall rules.
`log_level_in`: `(alert | crit | debug | emerg | err | info | nolog | notice | warning)` ::
Log level for incoming traffic.
`log_level_out`: `(alert | crit | debug | emerg | err | info | nolog | notice | warning)` ::
Log level for outgoing traffic.
`ndp`: `boolean` ::
Enable NDP.
`nf_conntrack_max`: `integer (32768 - N)` ::
Maximum number of tracked connections.
`nf_conntrack_tcp_timeout_established`: `integer (7875 - N)` ::
Conntrack established timeout.
`nosmurfs`: `boolean` ::
Enable SMURFS filter.
`smurf_log_level`: `(alert | crit | debug | emerg | err | info | nolog | notice | warning)` ::
Log level for SMURFS filter.
`tcp_flags_log_level`: `(alert | crit | debug | emerg | err | info | nolog | notice | warning)` ::
Log level for illegal tcp flags filter.
`tcpflags`: `boolean` ::
Filter illegal combinations of TCP flags.


@ -129,7 +129,17 @@ Host related configuration is read from:
This is useful if you want to overwrite rules from 'cluster.fw'
config. You can also increase log verbosity, and set netfilter related
options.
options. The configuration can contain the following sections:
'[OPTIONS]'::
This is used to set host related firewall options.
include::pve-firewall-host-opts.adoc[]
'[RULES]'::
This sections contains host specific firewall rules.
VM/Container configuration