Search results

To summarize the issue, and how to reproduce it. This test was done using IPv6 on WAN, and IPv4 on LAN. - set a CT/VM to policy DROP/DROP - enable port 22 INPUT On iptables/pve-firewall, conf set to: [OPTIONS] enable: 1 policy_out: DROP [RULES] IN SSH(ACCEPT) -log nolog ssh to_ct: SYN...

Hi, I wanted to try nftables on Proxmox, it seems quite nicely done, bravo! I guess most users don't use any output filters, but if using them in iptables, we get a stateful output rule, allowing to only open INPUT for a given port, and assume that it will go out. Chain PVEFW-HOST-OUT (1...

Yeah, I was impacted by that as well on a legacy rule using a legacy ipset (+management => dc/management) and that made proxmox-firewall fail. Fixing it made it start nicely.

It's also true for storage, I have tested adding an "external" SMB storage, if I DROP on INPUT, it's whitelisted, but if I drop on OUTPUT, I get blocked until I add a specific rule to add it. Should I report a bug/try to patch?

Hi, I have code not maintained to do that, around here: https://github.com/gilou/proxmoxthings especially the wol_hack.py thing. No clue if it still works, might need to be updated a bit…

Hi, I noticed that if I set the OUTPUT policy to DROP, I need to add a few rules by default for SSH, migrations to work if I add another ringX address. Could it be that some rules that gets set by default for INPUT may have been forgotten in output ? I see the usual ports...

Jumping in, we do have a PBS instance, rather powerful and well connected, yet the full listing takes 2-5s, while filtering by VMID is a lot quicker. The full list sometimes timeout.. there might be an improvement path there ;)

OK, it works once a VM is started on the bridge...

Hi, Did you ever solve this (without enslaving dummyX)? I do notice the same behavior, even on a public IP, not even ULA… IPv4 works, IPv6 doesn't. Most of the time (aha!). On one machine I have: ip l : 4: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default...

Hi, I had the same issue on a OVH server using nvme disks (though I think that is not related). In reFind, you can select the proper boot option, for some reason, efibootmgr or whatever is used on proxmox 7 let the debian uefi take over the proxmox one, so it fails booting (not sure why, but I...

Sorry, this might look like I'm digging up an old thread, it is not ;) The idea here is interesting, and would, if doable, allow proxmox to present an openstack compliant API, which could be awesome… and indeed, as the compute part is kvm-based, it should be "easy" to map the features needed...