[pve-devel] applied: [PATCH firewall] rules: allow connections on port range 60000:60050 in management network for migration

Thomas Lamprecht t.lamprecht at proxmox.com
Tue Dec 3 06:24:54 CET 2019


On 12/2/19 4:55 PM, Christian Ebner wrote:
> Signed-off-by: Christian Ebner <c.ebner at proxmox.com>
> ---
>  src/PVE/Firewall.pm | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
> index db16e0f..ae67bcd 100644
> --- a/src/PVE/Firewall.pm
> +++ b/src/PVE/Firewall.pm
> @@ -2505,6 +2505,7 @@ sub enable_host_firewall {
>      ruleset_addrule($ruleset, $chain, "$mngmntsrc -p tcp --dport 5900:5999", "-j $accept_action");  # PVE VNC Console
>      ruleset_addrule($ruleset, $chain, "$mngmntsrc -p tcp --dport 3128", "-j $accept_action");  # SPICE Proxy
>      ruleset_addrule($ruleset, $chain, "$mngmntsrc -p tcp --dport 22", "-j $accept_action");  # SSH
> +    ruleset_addrule($ruleset, $chain, "$mngmntsrc -p tcp --dport 60000:60050", "-j $accept_action");  # Migration
>  
>      # corosync inbound rules
>      if (defined($corosync_conf)) {
> 

applied, thanks a lot!




More information about the pve-devel mailing list