B.1. pve-firewall - Proxmox VE Firewall Daemon

pve-firewall <COMMAND> [ARGS] [OPTIONS]

pve-firewall compile

Compile and print firewall rules. This is useful for testing.

pve-firewall help [OPTIONS]

Get help about specified command.

--extra-args <array>
Shows help for a specific command
--verbose <boolean>
Verbose output format.

pve-firewall localnet

Print information about local network.

pve-firewall restart

Restart the Proxmox VE firewall service.

pve-firewall simulate [OPTIONS]

Simulate firewall rules. This does not simulate kernel routing table. Instead, this simply assumes that routing from source zone to destination zone is possible.

--dest <string>
Destination IP address.
--dport <integer>
Destination port.
--from (host|outside|vm\d+|ct\d+|vmbr\d+/\S+) (default = outside)
Source zone.
--protocol (tcp|udp) (default = tcp)
Protocol.
--source <string>
Source IP address.
--sport <integer>
Source port.
--to (host|outside|vm\d+|ct\d+|vmbr\d+/\S+) (default = host)
Destination zone.
--verbose <boolean> (default = 0)
Verbose output.

pve-firewall start [OPTIONS]

Start the Proxmox VE firewall service.

--debug <boolean> (default = 0)
Debug mode - stay in foreground

pve-firewall status

Get firewall status.

pve-firewall stop

Stop firewall. This removes all Proxmox VE related iptable rules. The host is unprotected afterwards.