pve-firewall <COMMAND> [ARGS] [OPTIONS]
pve-firewall compile
Compile and print firewall rules. This is useful for testing.
pve-firewall help [OPTIONS]
Get help about specified command.
--extra-args<array>-
Shows help for a specific command
--verbose<boolean>-
Verbose output format.
pve-firewall localnet
Print information about local network.
pve-firewall restart
Restart the Proxmox VE firewall service.
pve-firewall simulate [OPTIONS]
Simulate firewall rules. This does not simulates the kernel 'routing' table, but simply assumes that routing from source zone to destination zone is possible.
--dest<string>-
Destination IP address.
--dport<integer>-
Destination port.
--from(host|outside|vm\d+|ct\d+|([a-zA-Z][a-zA-Z0-9]{0,9})/(\S+))('default ='outside)-
Source zone.
--protocol(tcp|udp)('default ='tcp)-
Protocol.
--source<string>-
Source IP address.
--sport<integer>-
Source port.
--to(host|outside|vm\d+|ct\d+|([a-zA-Z][a-zA-Z0-9]{0,9})/(\S+))('default ='host)-
Destination zone.
--verbose<boolean>('default ='0)-
Verbose output.
pve-firewall start [OPTIONS]
Start the Proxmox VE firewall service.
--debug<boolean>('default ='0)-
Debug mode - stay in foreground
pve-firewall status
Get firewall status.
pve-firewall stop
Stop the Proxmox VE firewall service. Note, stopping actively removes all Proxmox VE related iptable rules rendering the host potentially unprotected.