About IPset and limiting IP use not working for IPv6

L

lll

New Member
Feb 11, 2023
7
0
1
Hi, currently one of my vlan is having IPv6 /48. I am currently assigning VM a /64 subnet and set that subnet to the IPset field. But when I add another IP outside that /64 (but within the same /48) to the guest os. It's still able to use that and I could ssh into the VM. Is it possible to fix that VM to only use the /64 I've assigned? Am I missing anything?

Here's the screenshot of the settings.

IP assigned by cloud-init:
Screenshot_20240105-074533_Firefox.jpg

IPset settings:
Screenshot_20240105-074013_Firefox.jpg

IP able to use (qemu guest agent output):
Screenshot_20240105-074550_Firefox.jpg

*P.s. no worries on the IP exposure, it's just a testing vm.
 
Last edited:
spirit said:
simply use the 2001:470:f809::/48 in ipset ?
Click to expand...
Thanks for the reply, but I'm hoping that the VM should only able to access its own /64. As example, the image one is assigned 2001:470:f809::54/64. I want it to only access this IP. But currently it's able to get access to 2001:470:f809::64/64 by manually setting that IP in the guest OS
 
lll said:
You mean in the console? Nothing is showing after entering ipset save
Click to expand...
yes, on the proxmox host. if you don't have result for ipset-save or iptables save , that mean than firewall rules are not generated.

do you have enabled firewall ? (at datacenter level && on vm firewall options)

# pve-firewall status ?
 
spirit said:
yes, on the proxmox host. if you don't have result for ipset-save or iptables save , that mean than firewall rules are not generated.

do you have enabled firewall ? (at datacenter level && on vm firewall options)

# pve-firewall status ?
Click to expand...
The response is kind of confusing Screenshot_20240105-195250.jpg
 
You must log in or register to reply here.
Top Bottom