* [PVE-User] migration from iptables to nftables
@ 2023-07-21 9:49 nada
0 siblings, 0 replies; only message in thread
From: nada @ 2023-07-21 9:49 UTC (permalink / raw)
To: pve-user
hi folks
I am testing migration of firewall from iptables to nftables
my versions
* pve-manager/7.4-16/0f39f621 (running kernel: 5.15.108-1-pve)
* iptables 1.8.7-1
* nftables 0.9.8-3.1+deb11u1
# nft -V
nftables v0.9.8 (E.D.S.)
cli: editline
json: yes
minigmp: no
libxtables: yes
I've already translated rulesets from iptables to nftables
and want to deploy them at pve-firewall
PLS can anybody let me know the configuration of pve-firewall.service
for nft ?
current for iptables
# cat /lib/systemd/system/pve-firewall.service
[Unit]
Description=Proxmox VE firewall
ConditionPathExists=/usr/sbin/pve-firewall
Wants=pve-cluster.service pvefw-logger.service
After=pvefw-logger.service pve-cluster.service network.target systemd-modules-load.service
DefaultDependencies=no
Before=shutdown.target
Conflicts=shutdown.target
[Service]
ExecStartPre=-/usr/bin/update-alternatives --set ebtables /usr/sbin/ebtables-legacy
ExecStartPre=-/usr/bin/update-alternatives --set iptables /usr/sbin/iptables-legacy
ExecStartPre=-/usr/bin/update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
ExecStart=/usr/sbin/pve-firewall start
ExecStop=/usr/sbin/pve-firewall stop
ExecReload=/usr/sbin/pve-firewall restart
PIDFile=/run/pve-firewall.pid
Type=forking
[Install]
WantedBy=multi-user.target
thank you
NadaMac