Smart?

What's the question?
Why don't they at least open port 8006 by default when you turn the firewall on for the data center?

I figured it out.
To everyone else, add this to the firewall rules before turning the datacenter firewall on, or you will lock yourself out of the Proxmox host if you are remote.

Why don't they at least open port 8006 by default when you turn the firewall on for the data center?
It's already open by default, so you can enable the firewall even with "input policy" set to "DROP" or "REJECT". You only need to manually open that port in case you create a rule that explicitly blocks it, as custom rules have higher priority than the input/output policies or hidden default rules. See the hidden anti-lockout rules: https://pve.proxmox.com/wiki/Firewall#pve_firewall_default_rules
 
It's already open by default, so you can enable the firewall even with "input policy" set to "DROP" or "REJECT". You only need to manually open that port in case you create a rule that explicitly blocks it, as custom rules have higher priority than the input/output policies or hidden default rules. See the hidden anti-lockout rules: https://pve.proxmox.com/wiki/Firewall#pve_firewall_default_rules
Not true, I turned mine on at the "datacenter" level, not the master, and it locked me out until I added those rules. I had to get with the NOC to shut the firewall back off.

That is what I wanted: all traffic blocked to my master except me. No big deal, water under the bridge. Yes, all traffic to it is dropped unless allowed through. Why would you have your master open to the world anyway?

Maybe both are correct: after enabling the datacenter "main switch" for the firewall I can still connect to the nodes via 8006 from the same LAN. My admin workstation is in another local network, and access from there fails.

The lockout-prevention rules focus on local network access...
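As an added illustration of that last point (this is not a config from anyone in the thread): a datacenter-level /etc/pve/firewall/cluster.fw that explicitly allows the web UI and SSH from a management network that is not the nodes' own LAN, so the automatic anti-lockout rules alone would not cover it. The 10.20.0.0/24 network and the 192.0.2.10 host are assumed placeholder values.

```ini
# /etc/pve/firewall/cluster.fw  (datacenter / cluster level)
# Assumption: the admin workstation lives in 10.20.0.0/24, a different
# network than the Proxmox nodes, so the automatic local-network
# anti-lockout rules do not match it.

[OPTIONS]
# Inbound default policy once the firewall is switched on.
policy_in: DROP
policy_out: ACCEPT
# Leave this at 0 until the [IPSET] and [RULES] sections below are saved,
# then set it to 1 to turn the datacenter firewall on.
enable: 1

[IPSET management]
# Networks/hosts allowed to reach the management plane (placeholder values).
10.20.0.0/24
192.0.2.10

[RULES]
# Explicit ACCEPT rules take priority over policy_in above.
# Web UI / API on TCP 8006, only from the management set.
IN ACCEPT -source +management -p tcp -dport 8006 -log nolog
# SSH via the built-in macro, same source restriction.
IN SSH(ACCEPT) -source +management -log nolog
```

Before flipping `enable: 1`, `pve-firewall localnet` prints the network the automatic anti-lockout rules are derived from, and `pve-firewall compile` shows the generated rule set without applying it, so you can confirm your admin network is actually allowed.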
 