13.7. Services and Commands

The firewall runs two service daemons on each node:

There is also a CLI command named pve-firewall, which can be used to start and stop the firewall service:

# pve-firewall start
# pve-firewall stop

To get the status use:

# pve-firewall status

The above command reads and compiles all firewall rules, so you will see warnings if your firewall configuration contains any errors.

If you want to see the generated iptables rules you can use:

# iptables-save