nftables

  1. Custom firewall rules not loading with proxmox-firewall and nftables

    I have an internal vnet with systems that needed access to the Internet. With the newer proxmox-firewall I was able to create a new table with the necessary rules and save the changes to /etc/nftables.conf but the rules are not loaded at boot. The documentation says this on custom rules: "If you...
  2. Disabling conntrack on VM interface (with nftables-based firewall enabled)

    Hey everyone, I've got a VM running a site to site VPN which is a backup to a physical connection handled by a hardware router. As a result of this, the traffic passing via the internal interface may be asymmetrical, or existing connections created over the physical backhaul connection may at...
  3. pve-firewall with nftables enabled: pending changes

    I'm having an issue with pve-firewall showing "pending changes" as soon as I enable nftables at the host level. "pve-firewall status" gives: Status: enabled/running (pending changes). Restarting pve-firewall does not help. Deleting all VNet firewall rules does not help. Linux x3 6.8.12-4-pve #1 SMP...
  4. nftables-based firewall seems to ignore `firewall` parameter on VM network interfaces

    I've been testing out the newer nftables-based firewall, and outside of the (very annoying) syntax changes for iplists/aliases, it seems to be working well. However, I noticed an issue when configuring a VM that has three network interfaces. Only two of the three interfaces have the firewall...
  5. Problem with the VNet Firewall

    Hello everyone, I currently want to try out the SDN feature and the complementary VNet firewall. While the SDN seems to be working perfectly, the VNet firewall doesn't block. The specific problem I encounter is that I have 2 SDN VNets defined: VMNet and mgmNet. I want to be able to manage the VMs...
  6. nftables: no stateful rule for output

    Hi, I wanted to try nftables on Proxmox; it seems quite nicely done, bravo! I guess most users don't use any output filters, but when using them in iptables we get a stateful output rule, allowing us to only open INPUT for a given port and assume that it will go out. Chain PVEFW-HOST-OUT (1...
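    The custom-table-at-boot question in thread 1 and the missing stateful output rule raised here are two sides of the same file. What follows is an added example written for this listing; it is not code from either post and not one of Proxmox's own rulesets. It assumes that /etc/nftables.conf is loaded by nftables.service at boot (check with "systemctl is-enabled nftables"), that the nftables-based proxmox-firewall only manages its own tables and leaves a separately named table alone, and the table name, chain names and ports are illustrative choices.

```nft
#!/usr/sbin/nft -f
# Added example, not taken from the forum posts or from Proxmox.
# Assumptions: nftables.service loads this file at boot, and the
# proxmox-firewall manages its own tables, which this file never touches.
#
# Deliberately no 'flush ruleset': that would also delete the
# proxmox-firewall tables. Create-then-delete makes a reload idempotent
# and only replaces this one table.
table inet custom
delete table inet custom

table inet custom {
    chain input {
        type filter hook input priority filter; policy drop;
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop
        # Inbound services are opened explicitly. Their replies leave
        # through the established,related rule in 'output' below, so no
        # per-port output rule is needed (the iptables PVEFW-HOST-OUT
        # behaviour the post asks about).
        tcp dport { 22, 8006 } ct state new accept
        icmp type echo-request accept
        icmpv6 type { echo-request, nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept
    }

    chain output {
        type filter hook output priority filter; policy drop;
        oif "lo" accept
        # The stateful output rule: any packet belonging to a connection
        # conntrack already knows (including accepted inbound SSH/8006)
        # is allowed out without enumerating source ports here.
        ct state established,related accept
        ct state invalid drop
        # Only these new outbound connections are permitted from the host.
        udp dport { 53, 123 } ct state new accept
        tcp dport { 53, 80, 443 } ct state new accept
        log prefix "custom-out-drop: " counter drop
    }
}
```

    Dry-run the file with "nft -c -f /etc/nftables.conf" before enabling the service, then confirm after a reboot with "nft list table inet custom". Two caveats: every hook chain on the host is evaluated, so a drop in this table or in the proxmox-firewall chains is final regardless of what the other accepts; and on a clustered node an input chain with policy drop also has to admit corosync, migration and storage traffic, which this example does not do.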
  7. POLL: Current Firewall Design, what is your ...

    This is a POLL thread in an attempt to cover all the models of firewall and Proxmox, to help us better gauge the future direction which we all collectively think Proxmox should be supporting. An assumption must be made here for brevity of your reply: you make use of Debian 10.6 and Proxmox...
  8. nftables interface not available at boot?

    I'm using nftables to implement firewall rules. I have some rules which I need to apply to vmbr1 and the fwbr interfaces. I create my test config file thus:

        #!/usr/sbin/nft -f
        flush ruleset
        table netdev filterearly {
            chain ingress {
                type filter hook ingress device...
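    A complete netdev ingress table of the shape the post starts, as an added example rather than the poster's real file. "vmbr1" is taken from the post; the per-guest fwbr bridges are created by pve-firewall and their names vary, so they are left out. The table name "filterearly" is the post's, the rules and the rate limit are illustrative.

```nft
#!/usr/sbin/nft -f
# Added example, not the poster's complete config. Only 'vmbr1' and the
# table name come from the post; everything else is illustrative.
#
# Create/delete instead of 'flush ruleset', so a reload of this file
# does not wipe the proxmox-firewall tables.
table netdev filterearly
delete table netdev filterearly

table netdev filterearly {
    chain ingress {
        # The ingress hook runs before the IP stack and before any bridge
        # or forward chain. The chain is bound to the named device, so
        # the interface has to exist when this file is loaded.
        type filter hook ingress device vmbr1 priority -500; policy accept;

        # Obviously bogus sources, dropped before they cost anything in
        # the bridge or conntrack path.
        ip saddr { 0.0.0.0/8, 127.0.0.0/8 } counter drop
        ip6 saddr ::1 counter drop

        # Crude SYN-flood brake: drop new SYNs beyond 500/s on this bridge.
        tcp flags & (syn|ack) == syn limit rate over 500/second counter drop

        counter comment "everything else continues to the normal path"
    }
}
```

    Because the chain is tied to an existing interface, loading this file from nftables.service before vmbr1 is up fails; that is consistent with the thread title. One option is to keep the netdev table in its own file and load it from a "post-up" line on the vmbr1 stanza in /etc/network/interfaces (ifupdown2 supports post-up), then verify with "nft list chain netdev filterearly ingress" and watch the counters while sending traffic across the bridge. Newer nftables also accept "devices = { vmbr1, ... }" to bind one chain to several interfaces.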