firewall

  1. G

    [SOLVED] Can't drop Anydesk discovery multicast traffic at node or cluster level

    Hi, PVE 7.4-16 here. It looks like I can't drop this type of traffic at datacenter/node level. Only VM level works. As per Anydesk documentation (and further traffic sniffing) this is the traffic I need to drop: - protocol: UDP - destination IP: 239.255.102.18 (multicast) - destination ports...
  2. N

    Proxmox VE firewall not blocking SSH

    I have a very strict firewall policy that essentially boils down to, block ALL traffic from any and all servers and computers that are not essential to that host's operation or needs. This seemed fine for a while but I just realized that anything on VLAN 10 can access Proxmox via SSH, even...
  3. S

    Proxmox with a Separate Host Running OpnSense in Hetzner

    Hi all, I'm working on my first setup at Hetzner and I can't find any examples of what I am attempting to do. I'm hoping for some insight, an interfaces config or step by step if it's available would both be very helpful! While there's plenty of instructions with regard to hosting OpnSense...
  4. M

    Firewall is not working at cluster and node level

    Hi guys, I am using Proxmox 8.0.4 and really enjoying it so far. I tried to set up the firewall at the cluster level and the node level, but it doesn't work except at the VM/container level. Whatever rules I make, I can bypass them like they didn't even exist This is what I did: 1. After and...
  5. H

    IPSet not applying as expected / Alias alone working however

    Hi everyone, I am trying to grant access to the Proxmox node via SSH based on some ACCEPT firewall rules on the node level on this single host setup. What already worked have been the following two rules referencing previously defined Aliases: Aliases: FW-Rules: Since this looked like a...
  6. H

    I don't understand what Firewall:Yes does on virtual machine?

    Hello everyone, I have 2 security groups. One is applied to the datacenter and allows port 22 access. Another is applied to the virtual machine and allows VPN access. This works fine as far as I can tell. However, today I found the setting, under a virtual machine => Firewall => Options =>...
  7. K

    Why is my PVE IP showing in firewall logs when I attempt to join from a public IP ?

    Hello, I'm quite new to Proxmox and there is something I don't get. I've just done some firewall rules (filtering public IPs who can access a specific VM on specifics ports). But when I attempt to test unauthorized IPs, I can access my resources (which isn't supposed to be normal). When I see...
  8. Y

    Proxmox ignores Firewalling on interface at host level, but accepts at vm level.

    hi, i have a proxmox setup (7.4-3) with 2 seperate physical interfaces. both are conennected to the same LAN segment (192.168.1.0/24). one is bridged to vmbr0 (managment of the host itself) and proxmox has an IP address on that interface. the other network adapter is a usb adapter (bound to...
  9. H

    Help understanding default firewall rules

    Hello everyone, I'm trying to setup proxmox firewall for the first time. I've used ufw, csf, firewalld prior...seems like having an integrated solution would be nice and my rules aren't super complicated.I was planning on setting up some security groups and applying them. My main confusion...
  10. T

    [SOLVED] I've error kernel: nf_conntrack: nf_conntrack: table full, dropping packet in syslog.

    Hello, I found message " kernel: nf_conntrack: nf_conntrack: table full, dropping packet " in syslog. and I have increase value nf_contrack but still show the message. Could you please suggest for check the problem. Best regards,
  11. B

    Problems with Host Firewall

    I have a host I am trying to enact the firewall on. It has a server running apache on ports 80, 443. I have tried many things to get a reaction from the firewall. Logging doesn't show anything for the host level and output from iptables -L doesn't show my firewall rules. What am I missing? I...
  12. H

    custom pre/post-scripts/hooks for ACME renewals (not plugins, but firewall etc. related)

    I'm in need of executing a script to allow traffic through firewall and open port 80 inbound to the PVE (and next PBS), and then once done, close the ports etc. Is there a current way to do it in PVE 7.x ?
  13. M

    Proxmox VE 8 with Firewall in Routed Configuration. Netfilter POSTROUTING SNAT not working

    Hi, since switching to Proxmox VE 8 Postrouting SNAT (Unfortunately I must use NAT) in combination with the Proxmox Firewall is not working anymore even with conntrack zones enabled. In Proxmox VE 7 it worked after adding post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1...
  14. rian81

    [SOLVED] VM Firewall didn't working after install qemu-guest-agent on vm

    Hi, I have a strange case. I had set firewall on VM level, and the rule on firewall running well as I want. But after install qemu-agent-guest and enable qemu-agent. The firewall rule didn't running well like before install qemu-agent-guest. I work with pve 7.4-13 Thanks
  15. S

    SSH Firewall rule does not work on server machine

    I enabled firewall on Datacenter, node and some VMs. Ping works but strange. If I start ping and disable rule during it pinging, it continues ping. If I stop ping and try again then it is not working. But that is not an issue for me. I can access my host machine with SSH no matter wat. I...
  16. D

    Enabling Firewall breaks connection to all VMs

    Hello, I have a proxmox server running 7.4-13. When I try to enable the firewall on datacenter level, all connections to my VMs break and I can't ping them. Even those VMs which have no firewall enabled in VM Firewall and Hardware settings. Also my NFS mount from my TrueNAS VM breaks...
  17. T

    Proxmox host can't reach the Internet - VM Firewall/gateway scenario

    Hi everyone, After a couple of days of struggling, reading the Internet, and watching tutorials on YT, I still couldn't figure out how to give Proxmox host access to the Internet via Gateway/Firewall guest. Please advise if this is even possible and/or where the problem is. Some info about the...
  18. T

    Proxmox Firewall Doesn't seem to work and errors in log

    I'm trying to start making use of the Proxmox Firewall at Node/VM/NIC level. I've enabled the firewall at datacenter and node level initially, but the rules I've put in place don't seem to take effect, and I'm also getting these lines repeatedly in my PVE logs: Jun 03 12:32:57 pve...
  19. N

    [SOLVED] WebUI PAM Zugang Einschränken / WebUI restrict PAM (root) Login

    Hallo zusammen, Ich möchte die WebUI über VPN für andere Erreichbar machen, damit diese Ihre VMs selbst verwalten können. Nun hab ich mir die Frage gestellt, ob es denn möglich ist den Root Zugriff auf die WebUI nur in einem bestimmten Netzwerk zuzulassen? Heimnetz: Root kann sich anmelden...
  20. S

    Arma 3 Server

    Hello! I'm trying to make an arma3 server that runs on proxmox on a windows VM. The server seams to be running in it's console, however the server does not show up on the server list. I have opened ports in the VMs firewall, however I am struggeling to open them in proxmox itself. The port I...