firewall

I currently have two proxmox Metals in Scaleway Cloud. Yesterday I bought my second one but with the first one I didn't have any issue. So my setup in the first one is a pfsense firewall with a WAN and a LAN in 192.168.1.0/24. Now I introduced the second Metal and created another pfsense (I know...

Hi, I read over some other threads that this issue is known but the solution does not seem to be official. That's why I'm posting this one. Example: VM1 on vlan30 and VM2 on vlan60 - VM1 can ping VM2 (and vice versa) - VM2 cannot ssh VM1... But VM1 can ssh to VM2 - PVE firewall is activated...

Hi, I noticed that if I set the OUTPUT policy to DROP, I need to add a few rules by default for SSH, migrations to work if I add another ringX address. Could it be that some rules that gets set by default for INPUT may have been forgotten in output ? I see the usual ports...

Hi To avoid to loose emails during patches and upgrades we usually closed the SMTP ports via the local firewall in the past at other Linux mail relays. Now I'm missing the functionality of iptables-save / iptables-restore at the PMG. Even after installing the mentioned packages and saving the...

Hi, Ich versuche die outgoing connections eines LXC derart zu unterbinden, dass er nur noch auf einen bestimmten Host auf zwei bestimmten Ports zugreifen kann. LXC1 -------------------tcp 1883/8883--------------->LXC2 Dazu habe ich Firewall im Datacenter aktiviert Firewall der Node auf...

I'm running into exactly the same issue as #56300. The previous thread was old and I have more details on that, so I thought I'd just open a new thread. PVE version is almost up-to-date: proxmox-ve: 8.0.2 (running kernel: 6.2.16-6-pve) VM → Firewall → Options → Firewall = No: No effect VM →...

Hi, PVE 7.4-16 here. It looks like I can't drop this type of traffic at datacenter/node level. Only VM level works. As per Anydesk documentation (and further traffic sniffing) this is the traffic I need to drop: - protocol: UDP - destination IP: 239.255.102.18 (multicast) - destination ports...

I have a very strict firewall policy that essentially boils down to, block ALL traffic from any and all servers and computers that are not essential to that host's operation or needs. This seemed fine for a while but I just realized that anything on VLAN 10 can access Proxmox via SSH, even...

Hi all, I'm working on my first setup at Hetzner and I can't find any examples of what I am attempting to do. I'm hoping for some insight, an interfaces config or step by step if it's available would both be very helpful! While there's plenty of instructions with regard to hosting OpnSense...

Hi guys, I am using Proxmox 8.0.4 and really enjoying it so far. I tried to set up the firewall at the cluster level and the node level, but it doesn't work except at the VM/container level. Whatever rules I make, I can bypass them like they didn't even exist This is what I did: 1. After and...

Hi everyone, I am trying to grant access to the Proxmox node via SSH based on some ACCEPT firewall rules on the node level on this single host setup. What already worked have been the following two rules referencing previously defined Aliases: Aliases: FW-Rules: Since this looked like a...

Hello everyone, I have 2 security groups. One is applied to the datacenter and allows port 22 access. Another is applied to the virtual machine and allows VPN access. This works fine as far as I can tell. However, today I found the setting, under a virtual machine => Firewall => Options =>...

Hello, I'm quite new to Proxmox and there is something I don't get. I've just done some firewall rules (filtering public IPs who can access a specific VM on specifics ports). But when I attempt to test unauthorized IPs, I can access my resources (which isn't supposed to be normal). When I see...

hi, i have a proxmox setup (7.4-3) with 2 seperate physical interfaces. both are conennected to the same LAN segment (192.168.1.0/24). one is bridged to vmbr0 (managment of the host itself) and proxmox has an IP address on that interface. the other network adapter is a usb adapter (bound to...

Hello everyone, I'm trying to setup proxmox firewall for the first time. I've used ufw, csf, firewalld prior...seems like having an integrated solution would be nice and my rules aren't super complicated.I was planning on setting up some security groups and applying them. My main confusion...

Hello, I found message " kernel: nf_conntrack: nf_conntrack: table full, dropping packet " in syslog. and I have increase value nf_contrack but still show the message. Could you please suggest for check the problem. Best regards,

I have a host I am trying to enact the firewall on. It has a server running apache on ports 80, 443. I have tried many things to get a reaction from the firewall. Logging doesn't show anything for the host level and output from iptables -L doesn't show my firewall rules. What am I missing? I...

I'm in need of executing a script to allow traffic through firewall and open port 80 inbound to the PVE (and next PBS), and then once done, close the ports etc. Is there a current way to do it in PVE 7.x ?

Hi, since switching to Proxmox VE 8 Postrouting SNAT (Unfortunately I must use NAT) in combination with the Proxmox Firewall is not working anymore even with conntrack zones enabled. In Proxmox VE 7 it worked after adding post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1...

Hi, I have a strange case. I had set firewall on VM level, and the rule on firewall running well as I want. But after install qemu-agent-guest and enable qemu-agent. The firewall rule didn't running well like before install qemu-agent-guest. I work with pve 7.4-13 Thanks