pve-firewall <COMMAND> [ARGS] [OPTIONS]
pve-firewall compile
Compile and print firewall rules. This is useful for testing.
pve-firewall help [OPTIONS]
Get help about specified command.
--extra-args
<array>
-
Shows help for a specific command
--verbose
<boolean>
-
Verbose output format.
pve-firewall localnet
Print information about local network.
pve-firewall restart
Restart the Proxmox VE firewall service.
pve-firewall simulate [OPTIONS]
Simulate firewall rules. This does not simulate kernel 'routing' table. Instead, this simply assumes that routing from source zone to destination zone is possible.
--dest
<string>
-
Destination IP address.
--dport
<integer>
-
Destination port.
--from
(host|outside|vm\d+|ct\d+|vmbr\d+/\S+)
('default ='outside
)-
Source zone.
--protocol
(tcp|udp)
('default ='tcp
)-
Protocol.
--source
<string>
-
Source IP address.
--sport
<integer>
-
Source port.
--to
(host|outside|vm\d+|ct\d+|vmbr\d+/\S+)
('default ='host
)-
Destination zone.
--verbose
<boolean>
('default ='0
)-
Verbose output.
pve-firewall start [OPTIONS]
Start the Proxmox VE firewall service.
--debug
<boolean>
('default ='0
)-
Debug mode - stay in foreground
pve-firewall status
Get firewall status.
pve-firewall stop
Stop firewall. This removes all Proxmox VE related iptable rules. The host is unprotected afterwards.