Suricata IPS integration

Maher Khalil

Member
Jul 11, 2021
212
9
23
42
Hello
I would like to use Suricata IPS integration
My question is do I need to activate proxmox firewall on the data-center level or only on the VMs level?
 
You always need to enable the PVE firewall on the datacenter level. If the datacenter level firewall is disabled all node/guest firewall rules won't be active.
 
I am afraid to activate datacenter firewall then I get blocked
so any advice what rule to add in datacenter level then accept everything?
 
What I want to do is to block some IPs at datacenter lever, so I will make input policy at firewall datacenter, node and each VM level accept, I will not create any other rule then The I will create rule at datacenter level for each IP i want to block
my goal not to stop any traffic for VMs
I will also install Suricata for intrusion
any advice for my installation?
I have also fail2ban. should I stop it before Suricata install (I expect Suricata is enough)
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!