Search results

I highly doubt this. If I set rate limit to 60, I get 500 Mbps....

Hi, This question is about https://pve.proxmox.com/pve-docs/api-viewer/#/nodes/{node}/qemu/{vmid}/agent/network-get-interfaces. Can someone explain to me what these represent? "statistics": { "rx-packets": 501361, "tx-bytes": 15465504, "tx-dropped": 0, "tx-errs": 0, "rx-errs": 0...

Can we get all possible values for status and qmpstatus? The API does not specify these.

Anyone?

Hi, I'm not sure if I asked the question already, checked but cannot find in my posts. Basically I have some custom iptables rules per VM/adapter and I do logging. These logs go into the main node logs instead of the VM Firewall logs. /sbin/iptables -N ... /sbin/iptables -A ... -m limit...

This is a very misleading and cumbersome thread. The default tutorial from https://pve.proxmox.com/wiki/Fail2ban works perfectly fine even on the latest 7.3. When I see stuff like "you can remove iptables using command apt-get remove iptables" I get sick. There is no need to do anything...

Thanks, I was hoping they added a blacklist ipset for vm's as well...

No plans to add such feature?

Does PVEFW read this if we add it to VM firewall config? [IPSET blacklist] I would like to have a blacklist per VM. Thanks

Thank you! It seems to have worked: root@:~# systemctl daemon-reload root@:~# systemctl start qmeventd.service root@:~# systemctl status qmeventd.service ● qmeventd.service - PVE Qemu Event Daemon Loaded: loaded (/lib/systemd/system/qmeventd.service; enabled; vendor pres> Active...

stat: cannot statx '/run/systemd/units/invocation:qmeventd.service': No such file or directory The other command returns a lot of non-formatted data.

● qmeventd.service - PVE Qemu Event Daemon Loaded: loaded (/lib/systemd/system/qmeventd.service; enabled; vendor preset: enabled) Active: inactive (dead) Nov 08 13:32:50 host-5017329 systemd[1]: qmeventd.service: Failed to set invocation ID for unit: File exists Nov 08 13:32:50...

proxmox-ve: 7.2-1 (running kernel: 5.15.64-1-pve) pve-manager: 7.2-11 (running version: 7.2-11/b76d3178) pve-kernel-5.15: 7.2-13 pve-kernel-helper: 7.2-13 pve-kernel-5.15.64-1-pve: 5.15.64-1 ceph-fuse: 14.2.21-1 corosync: 3.1.5-pve2 criu: 3.15-1+pve-1 glusterfs-client: 9.2-1 ifupdown2...

Hi, I have created my own LOG chains for specific rules added for each guest. My first question is how can I log in separate log file like PVEFW does per guest? Currently all logs go into the Node's firewall log. Second question is, how can I format the log output to be similar to PVEFW? At...

Hi, Proxmox 7.2.11 INFO: starting new backup job: vzdump 100 --compress zstd --mode snapshot --mailnotification always --notes-template '{{guestname}}' --quiet 1 --storage backups --prune-backups 'keep-last=1' INFO: Starting Backup of VM 100 (qemu) INFO: Backup started at 2022-11-13 22:30:04...

After a bit of research, it seems the rule ordering is the problem. Basically -A will append at the end of the iptables chain, which is after PVEFW-Drop so it will have no effect. Rules order can be seen with iptables -t filter -L tap100i0-IN --line-numbers -n -v. Now another problem remains...

I`m trying to add some custom iptables rules (like connlimit) for guest machines. Example rule is: -A tap101i0-IN -p tcp -m connlimit --connlimit-above 30 --connlimit-mask 32 --connlimit-saddr -j REJECT --reject-with tcp-reset As seen tap101i0 is the vm 101 adapter. The rule has no effect, I...

I'm having a really hard time trying to add and keep some custom iptables rules. Reading across several threads, iptables-persistent came to light. With that being said I have installed it with apt-get install -y iptables-persistent and all the rules got saved into the corresponding files...

Did you manage to add rules per guest machine? Can you please share some details? Many thanks.

Indeed, after some research I found this. However, again, I thought there might be something built it and easy to use.