ipset

During IP changes of multiple hosts I noticed that MAC and IP filters were no longer functional in my configuration. While trying to understand why this behavior changed from when I initially set up IP filtering I noticed that ebtables rules are no longer created when the firewall is disabled on...

Hi, currently one of my vlan is having IPv6 /48. I am currently assigning VM a /64 subnet and set that subnet to the IPset field. But when I add another IP outside that /64 (but within the same /48) to the guest os. It's still able to use that and I could ssh into the VM. Is it possible to fix...

Hello, I searched for some time and checked docs and API viewer here: API viewer - PUT - /api2/json/cluster/firewall/ipset/{name}/{cidr} But I'm not able to change my CIDR range when already exists using HTTP PUT API call. There is no issue create CIDR range (in already created IPSet...

Hi everyone, I am trying to grant access to the Proxmox node via SSH based on some ACCEPT firewall rules on the node level on this single host setup. What already worked have been the following two rules referencing previously defined Aliases: Aliases: FW-Rules: Since this looked like a...

Hi Guys, I have 4 Server cluster i am trying to apply firewall rule to block 1 IP range from another interacting or accessing but i am unable to do so, i have been scratching my head since morning if someone can enlighten me a bit it would be great. firewall is enabled on Datacanter->Node-> VM...

I have been testing my script to copy fail2ban log files to Proxmox firewall and have managed to make it work... one time :) cat /root/bin/banned2proxmox.sh #!/bin/bash # # Sync fail2ban log files from client servers rsync -a root@vm1.ic4.eu:/var/log/fail2ban.log /root/bin/fail2ban-vm1.log...

I'm trying to decide which is better for our SPAM firewall rules. What is your take on this? Which do you use?

Goood evening, I have a question about the Firewall in Proxmox. I have the attach file. I want the IPs of this site https://www.countryipblocks.net/acl.php blocked for Internet Security. After a certain size, the IP addresses that I can insert per section become smaller and smaller. Is there...

Hello, I am not sure if I hit a bug so I try to check it before submitting the bug. I created firewall for VM and the outgoing filter in iptables looks like this: Chain tap101i1-OUT (1 references) pkts bytes target prot opt in out source destination 0...

I have two Proxmox servers hosted at OVH. One is running version 5.4, the other 6.0. I've created the "management" IP set for my IP address on both servers. On 6.0 I can access the system. On 5.4 I lose access when enabling the firewall. So is the management IP set a new feature of version 6?

Hi all, I came by some weird behaviour i don't understand and I would like some help. I have a cluster (5.2) and I have a VM on a node. I am trying to prevent the VM of changing its IP. I have configured the "ipfilter-net0" ipset and as far as i understand this corresponds to the following rule...

Hello, I did a small research relatively ipset filtering for LXC containers and it turns out that using a standard ipfilter-net* set matching IP/interfaces doesn't filter external IPv4 traffic very well, when it is going out from an IP not defined in set. For example we can create interface...

Hi All, Just signed up for a subscription and looking to go production with Proxmox and migrate our existing infrastructure to it. Still have some confusion regarding IPFilter and IPSet options in the firewall. Ultimately trying to prevent IP spoofing for both VMs and containers. Does enabling...

Hallo, ich benutze Proxmox 5, Beta 1 und möchte dort die IPSets der Firewall konfigurieren. Klicke ich nun bei IP/CIDR auf "Add", bekomme ich im Dropdown-Menü auf dem darauffolgenden Fenster keine Werte angezeigt. Nun habe ich haufenweise "zone"-Dateien (für jedes Land) mit IP-Adressen, welche...

Can someone please shed some light on ipfiltering. My understanding is that if we turn on ipfiltering in the firewall options we need to add the VM IP address so that traffic is only allowed to/from that ip. Is this correct? One thing we need clarification on is how is this setup? We read the...