[SOLVED] PVESIG - what is it used for?

Sebastian Schubert

Well-Known Member
Aug 28, 2017
Hi there,

I was wondering what the PVESIG in the iptables rules is for.
Is there any sort of "tampering" detection (and mitigation?), or what is it used for?
 
It is used to store a hash of your firewall rules and to use that for detecting when your settings have changed (if they have changed, the rules are reloaded; if not, nothing is done).

This is necessary since pve-firewall is not notified when your rules change, so it periodically checks whether any of your settings have changed.

See the source code: https://git.proxmox.com/?p=pve-fire...0590b30305bd6941ddcc8bfe40159da;hb=HEAD#l1872

So it is not strictly a 'tampering' protection, although it should reload the rules if you enter a rule manually.

I hope this explains it.
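To make the mechanism described in the answer concrete, here is an added Python illustration of the signature-comment idea: each managed chain carries a `PVESIG:<digest>` comment rule, the digest is recomputed from the chain's live rules on every check, and a mismatch (either a manually added rule or a changed config) marks the chain for reload. This is example code written for this thread, not code from pve-firewall; the chain names, the choice of a hex SHA-1 over the joined rule lines, the simplified iptables-save parsing, and the helper names are all assumptions of this example. The exact digest encoding and the chains the real daemon manages are in the linked source and differ in detail.

```python
"""Added illustration of a PVESIG-style drift check over iptables chains.

Not pve-firewall's code. Chain names, the hex SHA-1 digest, the dump format
and all helper names are assumptions of this example.
"""
import hashlib
import re

SIG_RE = re.compile(r'-m comment --comment "PVESIG:([0-9a-f]{40})"')


def chain_sig(rules):
    """Digest of a chain's rules (excluding the signature rule itself)."""
    return hashlib.sha1("\n".join(rules).encode()).hexdigest()


def sig_rule(chain, rules):
    """Marker rule appended to a chain so its digest travels with it."""
    return f'-A {chain} -m comment --comment "PVESIG:{chain_sig(rules)}"'


def render_chain(chain, rules):
    """Desired rule lines for one chain, signature rule last."""
    return list(rules) + [sig_rule(chain, rules)]


def parse_dump(dump):
    """Parse iptables-save style text into {chain: (rules, stored_sig)}.

    Only ':' chain declarations and '-A' lines are considered. The PVESIG
    rule is pulled out so the remaining rules can be re-digested.
    """
    chains = {}
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith(":"):
            chains.setdefault(line[1:].split()[0], ([], None))
        elif line.startswith("-A "):
            name = line.split()[1]
            rules, _stored = chains.setdefault(name, ([], None))
            m = SIG_RE.search(line)
            if m:
                chains[name] = (rules, m.group(1))
            else:
                rules.append(line)
    return chains


def ruleset_status(live_dump, desired):
    """Compare live chains with the desired {chain: rules} map.

    'exists'  stored PVESIG matches both the live rules and the desired rules
    'update'  chain present but its rules drifted or the config changed
    'new'     desired chain missing from the live ruleset
    'delete'  live chain carrying a PVESIG that is no longer desired
    Chains without a PVESIG (e.g. INPUT) are treated as unmanaged.
    """
    live = parse_dump(live_dump)
    status = {}
    for chain, rules in desired.items():
        if chain not in live:
            status[chain] = "new"
            continue
        live_rules, stored = live[chain]
        want = chain_sig(rules)
        if stored == want and chain_sig(live_rules) == stored:
            status[chain] = "exists"
        else:
            status[chain] = "update"
    for chain, (_rules, stored) in live.items():
        if stored is not None and chain not in desired:
            status[chain] = "delete"
    return status


# Constructed desired ruleset, standing in for what the config generates.
DESIRED = {
    "PVEFW-INPUT": [
        "-A PVEFW-INPUT -i lo -j ACCEPT",
        "-A PVEFW-INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT",
        "-A PVEFW-INPUT -p tcp --dport 22 -j ACCEPT",
        "-A PVEFW-INPUT -j DROP",
    ],
    "PVEFW-FORWARD": [
        "-A PVEFW-FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT",
    ],
}


def render_dump(desired):
    """Constructed iptables-save style dump of the desired ruleset."""
    lines = ["*filter", ":INPUT ACCEPT [0:0]"]
    lines += [f":{c} - [0:0]" for c in desired]
    lines.append("-A INPUT -j PVEFW-INPUT")  # unmanaged jump, no PVESIG
    for chain, rules in desired.items():
        lines += render_chain(chain, rules)
    lines.append("COMMIT")
    return "\n".join(lines)


def drifted_dump(desired):
    """Same dump after an admin inserted a rule by hand (stored sig unchanged)."""
    manual = "-A PVEFW-INPUT -p tcp --dport 8006 -j ACCEPT"
    return render_dump(desired).replace(
        "-A PVEFW-INPUT -j DROP", manual + "\n-A PVEFW-INPUT -j DROP")


if __name__ == "__main__":
    print(ruleset_status(render_dump(DESIRED), DESIRED))   # all 'exists'
    print(ruleset_status(drifted_dump(DESIRED), DESIRED))  # PVEFW-INPUT 'update'
```

The manual-rule case is the one the answer calls out: the stored signature still describes the four original rules, the live chain now has five, so the recomputed digest no longer matches and the chain is scheduled for reload. The same comparison catches the opposite direction (config edited, live chain stale) because the desired digest then differs from the stored one.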