[pve-devel] [PATCH firewall] rules: allow connections on port range 60000:60050 in management network for migration
Christian Ebner
c.ebner at proxmox.com
Mon Dec 2 16:55:57 CET 2019
Signed-off-by: Christian Ebner <c.ebner at proxmox.com>
---
src/PVE/Firewall.pm | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index db16e0f..ae67bcd 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -2505,6 +2505,7 @@ sub enable_host_firewall {
ruleset_addrule($ruleset, $chain, "$mngmntsrc -p tcp --dport 5900:5999", "-j $accept_action"); # PVE VNC Console
ruleset_addrule($ruleset, $chain, "$mngmntsrc -p tcp --dport 3128", "-j $accept_action"); # SPICE Proxy
ruleset_addrule($ruleset, $chain, "$mngmntsrc -p tcp --dport 22", "-j $accept_action"); # SSH
+ ruleset_addrule($ruleset, $chain, "$mngmntsrc -p tcp --dport 60000:60050", "-j $accept_action"); # Migration
# corosync inbound rules
if (defined($corosync_conf)) {
--
2.20.1
More information about the pve-devel
mailing list