├── .gitignore ├── Makefile ├── debian ├── README ├── changelog ├── control ├── copyright ├── dirs ├── docs ├── example │ ├── 100.fw │ ├── cluster.fw │ └── host.fw ├── postinst ├── pve-firewall.default ├── pve-firewall.logrotate ├── pve-firewall.service ├── pve-firewall.triggers ├── pvefw-logger.service ├── rules └── source │ └── format ├── src ├── Makefile ├── PVE │ ├── API2 │ │ ├── Firewall │ │ │ ├── Aliases.pm │ │ │ ├── Cluster.pm │ │ │ ├── Groups.pm │ │ │ ├── Helpers.pm │ │ │ ├── Host.pm │ │ │ ├── IPSet.pm │ │ │ ├── Makefile │ │ │ ├── Rules.pm │ │ │ ├── VM.pm │ │ │ └── Vnet.pm │ │ └── Makefile │ ├── Firewall.pm │ ├── Firewall │ │ ├── Helpers.pm │ │ └── Makefile │ ├── FirewallSimulator.pm │ ├── Makefile │ └── Service │ │ ├── Makefile │ │ └── pve_firewall.pm ├── pve-firewall ├── pve-firewall-sysctl.conf └── pvefw-logger.c └── test ├── Makefile ├── README ├── corosync.conf ├── fwtester.pl ├── test-basic1 ├── 100.fw ├── 200.fw ├── cluster.fw ├── host.fw └── tests ├── test-default-rules1 ├── 101.fw ├── 201.fw ├── cluster.fw └── tests ├── test-errors1 ├── 100.fw ├── cluster.fw └── tests ├── test-errors2 ├── 100.fw ├── cluster.fw └── tests ├── test-errors3 ├── 100.fw ├── cluster.fw ├── host.fw └── tests ├── test-errors4 ├── 100.fw ├── cluster.fw └── tests ├── test-group1 ├── 100.fw ├── 200.fw ├── cluster.fw ├── host.fw └── tests ├── test-ipset1 ├── cluster.fw ├── host.fw └── tests ├── test-ipset2 ├── 100.fw ├── cluster.fw └── tests ├── test-unconfigured ├── 101.fw ├── 201.fw ├── cluster.fw ├── host.fw └── tests ├── test-vm-aliases1 ├── 100.fw ├── cluster.fw └── tests ├── test-vm-ipfilter1 ├── 100.fw ├── cluster.fw └── tests └── test-vm-ipfilter2 ├── 200.fw ├── cluster.fw └── tests /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/.gitignore -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/Makefile -------------------------------------------------------------------------------- /debian/README: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/debian/README -------------------------------------------------------------------------------- /debian/changelog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/debian/changelog -------------------------------------------------------------------------------- /debian/control: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/debian/control -------------------------------------------------------------------------------- /debian/copyright: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/debian/copyright -------------------------------------------------------------------------------- /debian/dirs: -------------------------------------------------------------------------------- 1 | /var/lib/pve-firewall 2 | -------------------------------------------------------------------------------- /debian/docs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/debian/docs -------------------------------------------------------------------------------- /debian/example/100.fw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/debian/example/100.fw -------------------------------------------------------------------------------- /debian/example/cluster.fw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/debian/example/cluster.fw -------------------------------------------------------------------------------- /debian/example/host.fw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/debian/example/host.fw -------------------------------------------------------------------------------- /debian/postinst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/debian/postinst -------------------------------------------------------------------------------- /debian/pve-firewall.default: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/debian/pve-firewall.default -------------------------------------------------------------------------------- /debian/pve-firewall.logrotate: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/debian/pve-firewall.logrotate -------------------------------------------------------------------------------- /debian/pve-firewall.service: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/debian/pve-firewall.service -------------------------------------------------------------------------------- /debian/pve-firewall.triggers: -------------------------------------------------------------------------------- 1 | activate-noawait pve-api-updates 2 | -------------------------------------------------------------------------------- /debian/pvefw-logger.service: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/debian/pvefw-logger.service -------------------------------------------------------------------------------- /debian/rules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/debian/rules -------------------------------------------------------------------------------- /debian/source/format: -------------------------------------------------------------------------------- 1 | 1.0 2 | -------------------------------------------------------------------------------- /src/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/src/Makefile -------------------------------------------------------------------------------- /src/PVE/API2/Firewall/Aliases.pm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/src/PVE/API2/Firewall/Aliases.pm -------------------------------------------------------------------------------- /src/PVE/API2/Firewall/Cluster.pm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/src/PVE/API2/Firewall/Cluster.pm -------------------------------------------------------------------------------- /src/PVE/API2/Firewall/Groups.pm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/src/PVE/API2/Firewall/Groups.pm -------------------------------------------------------------------------------- /src/PVE/API2/Firewall/Helpers.pm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/src/PVE/API2/Firewall/Helpers.pm -------------------------------------------------------------------------------- /src/PVE/API2/Firewall/Host.pm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/src/PVE/API2/Firewall/Host.pm -------------------------------------------------------------------------------- /src/PVE/API2/Firewall/IPSet.pm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/src/PVE/API2/Firewall/IPSet.pm -------------------------------------------------------------------------------- /src/PVE/API2/Firewall/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/src/PVE/API2/Firewall/Makefile -------------------------------------------------------------------------------- /src/PVE/API2/Firewall/Rules.pm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/src/PVE/API2/Firewall/Rules.pm -------------------------------------------------------------------------------- /src/PVE/API2/Firewall/VM.pm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/src/PVE/API2/Firewall/VM.pm -------------------------------------------------------------------------------- /src/PVE/API2/Firewall/Vnet.pm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/src/PVE/API2/Firewall/Vnet.pm -------------------------------------------------------------------------------- /src/PVE/API2/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/src/PVE/API2/Makefile -------------------------------------------------------------------------------- /src/PVE/Firewall.pm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/src/PVE/Firewall.pm -------------------------------------------------------------------------------- /src/PVE/Firewall/Helpers.pm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/src/PVE/Firewall/Helpers.pm -------------------------------------------------------------------------------- /src/PVE/Firewall/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/src/PVE/Firewall/Makefile -------------------------------------------------------------------------------- /src/PVE/FirewallSimulator.pm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/src/PVE/FirewallSimulator.pm -------------------------------------------------------------------------------- /src/PVE/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/src/PVE/Makefile -------------------------------------------------------------------------------- /src/PVE/Service/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/src/PVE/Service/Makefile -------------------------------------------------------------------------------- /src/PVE/Service/pve_firewall.pm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/src/PVE/Service/pve_firewall.pm -------------------------------------------------------------------------------- /src/pve-firewall: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/src/pve-firewall -------------------------------------------------------------------------------- /src/pve-firewall-sysctl.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/src/pve-firewall-sysctl.conf -------------------------------------------------------------------------------- /src/pvefw-logger.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/src/pvefw-logger.c -------------------------------------------------------------------------------- /test/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/test/Makefile -------------------------------------------------------------------------------- /test/README: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/test/README -------------------------------------------------------------------------------- /test/corosync.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/test/corosync.conf -------------------------------------------------------------------------------- /test/fwtester.pl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/test/fwtester.pl -------------------------------------------------------------------------------- /test/test-basic1/100.fw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/test/test-basic1/100.fw -------------------------------------------------------------------------------- /test/test-basic1/200.fw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/test/test-basic1/200.fw -------------------------------------------------------------------------------- /test/test-basic1/cluster.fw: -------------------------------------------------------------------------------- 1 | [options] 2 | 3 | enable: 1 -------------------------------------------------------------------------------- /test/test-basic1/host.fw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/test/test-basic1/host.fw -------------------------------------------------------------------------------- /test/test-basic1/tests: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/test/test-basic1/tests -------------------------------------------------------------------------------- /test/test-default-rules1/101.fw: -------------------------------------------------------------------------------- 1 | [OPTIONS] 2 | 3 | enable: 1 4 | -------------------------------------------------------------------------------- /test/test-default-rules1/201.fw: -------------------------------------------------------------------------------- 1 | [OPTIONS] 2 | 3 | enable: 1 4 | -------------------------------------------------------------------------------- /test/test-default-rules1/cluster.fw: -------------------------------------------------------------------------------- 1 | [OPTIONS] 2 | 3 | enable: 1 4 | policy_out: DROP -------------------------------------------------------------------------------- /test/test-default-rules1/tests: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/test/test-default-rules1/tests -------------------------------------------------------------------------------- /test/test-errors1/100.fw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/test/test-errors1/100.fw -------------------------------------------------------------------------------- /test/test-errors1/cluster.fw: -------------------------------------------------------------------------------- 1 | [options] 2 | 3 | enable: 1 -------------------------------------------------------------------------------- /test/test-errors1/tests: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/test/test-errors1/tests -------------------------------------------------------------------------------- /test/test-errors2/100.fw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/test/test-errors2/100.fw -------------------------------------------------------------------------------- /test/test-errors2/cluster.fw: -------------------------------------------------------------------------------- 1 | [options] 2 | 3 | enable: 1 -------------------------------------------------------------------------------- /test/test-errors2/tests: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/test/test-errors2/tests -------------------------------------------------------------------------------- /test/test-errors3/100.fw: -------------------------------------------------------------------------------- 1 | [OPTIONS] 2 | 3 | enable: 1 4 | 5 | [RULES] 6 | 7 | IN ACCEPT -p tcp -dport 82 8 | 9 | -------------------------------------------------------------------------------- /test/test-errors3/cluster.fw: -------------------------------------------------------------------------------- 1 | [options] 2 | 3 | enable: 1 -------------------------------------------------------------------------------- /test/test-errors3/host.fw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/test/test-errors3/host.fw -------------------------------------------------------------------------------- /test/test-errors3/tests: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/test/test-errors3/tests -------------------------------------------------------------------------------- /test/test-errors4/100.fw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/test/test-errors4/100.fw -------------------------------------------------------------------------------- /test/test-errors4/cluster.fw: -------------------------------------------------------------------------------- 1 | [options] 2 | 3 | enable: 1 -------------------------------------------------------------------------------- /test/test-errors4/tests: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/test/test-errors4/tests -------------------------------------------------------------------------------- /test/test-group1/100.fw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/test/test-group1/100.fw -------------------------------------------------------------------------------- /test/test-group1/200.fw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/test/test-group1/200.fw -------------------------------------------------------------------------------- /test/test-group1/cluster.fw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/test/test-group1/cluster.fw -------------------------------------------------------------------------------- /test/test-group1/host.fw: -------------------------------------------------------------------------------- 1 | [OPTIONS] 2 | 3 | enable: 1 4 | 5 | [RULES] 6 | 7 | GROUP group1 8 | -------------------------------------------------------------------------------- /test/test-group1/tests: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/test/test-group1/tests -------------------------------------------------------------------------------- /test/test-ipset1/cluster.fw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/test/test-ipset1/cluster.fw -------------------------------------------------------------------------------- /test/test-ipset1/host.fw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/test/test-ipset1/host.fw -------------------------------------------------------------------------------- /test/test-ipset1/tests: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/test/test-ipset1/tests -------------------------------------------------------------------------------- /test/test-ipset2/100.fw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/test/test-ipset2/100.fw -------------------------------------------------------------------------------- /test/test-ipset2/cluster.fw: -------------------------------------------------------------------------------- 1 | [options] 2 | 3 | enable: 1 -------------------------------------------------------------------------------- /test/test-ipset2/tests: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/test/test-ipset2/tests -------------------------------------------------------------------------------- /test/test-unconfigured/101.fw: -------------------------------------------------------------------------------- 1 | [OPTIONS] 2 | 3 | enable: 1 4 | -------------------------------------------------------------------------------- /test/test-unconfigured/201.fw: -------------------------------------------------------------------------------- 1 | [OPTIONS] 2 | 3 | enable: 1 4 | -------------------------------------------------------------------------------- /test/test-unconfigured/cluster.fw: -------------------------------------------------------------------------------- 1 | [OPTIONS] 2 | 3 | enable: 1 4 | 5 | -------------------------------------------------------------------------------- /test/test-unconfigured/host.fw: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /test/test-unconfigured/tests: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/test/test-unconfigured/tests -------------------------------------------------------------------------------- /test/test-vm-aliases1/100.fw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/test/test-vm-aliases1/100.fw -------------------------------------------------------------------------------- /test/test-vm-aliases1/cluster.fw: -------------------------------------------------------------------------------- 1 | [options] 2 | 3 | enable: 1 -------------------------------------------------------------------------------- /test/test-vm-aliases1/tests: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/test/test-vm-aliases1/tests -------------------------------------------------------------------------------- /test/test-vm-ipfilter1/100.fw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/test/test-vm-ipfilter1/100.fw -------------------------------------------------------------------------------- /test/test-vm-ipfilter1/cluster.fw: -------------------------------------------------------------------------------- 1 | [options] 2 | 3 | enable: 1 4 | 5 | [rules] 6 | 7 | IN ACCEPT -p tcp -dport 80 -source 1.2.3.0/24 -------------------------------------------------------------------------------- /test/test-vm-ipfilter1/tests: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/test/test-vm-ipfilter1/tests -------------------------------------------------------------------------------- /test/test-vm-ipfilter2/200.fw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/test/test-vm-ipfilter2/200.fw -------------------------------------------------------------------------------- /test/test-vm-ipfilter2/cluster.fw: -------------------------------------------------------------------------------- 1 | [options] 2 | 3 | enable: 1 4 | 5 | [rules] 6 | 7 | IN ACCEPT -p tcp -dport 80 8 | -------------------------------------------------------------------------------- /test/test-vm-ipfilter2/tests: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/proxmox/pve-firewall/HEAD/test/test-vm-ipfilter2/tests --------------------------------------------------------------------------------