pve-firewall

Hi! A few weeks ago the pve-firewall of my PVE invoked the oom-killer, which shut down one of my VMs and i couldn't turn it on again without restarting the whole PVE. Sep 18 01:55:11 pve01 kernel: pve-firewall invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=2, oom_score_adj=0...

Hello, I am running a PVE 8.2.2 cluster on three nodes. I've enabled the firewall at the datacenter level, on each host and at VM level. The rules seems to be working fine. The only thing that I'm not seeing is any logs. I have even tried to enable the log_level_in and log_level_out to debug...

Happy pi-day! I am using my own firewall setup with own logs and noticed that some stuff still gets logged to the proxmox default location (which is displayed in the user interface under Firewall->log Can anybody tell me where I can change this? I'd like to have all logs in one file. kind...

Hello all, we operate a proxmox cluster with 3 nodes. The network settings look like this on all 3 nodes: As you see the bridge ist VLAN aware. We need this, because some of our machines need access to more than 32 VLANs, but we cannot add more than 32 NICs. So the VMs then have 1 interface...

Hallo zusammen, kann mir jemand erklären warum ich alle 5-10 Sekunden folgende Nachrichten im Syslog habe, bzw. wo es her kommen könnte? Lässt sich das abschalten? Jul 22 01:54:09 root2: NETFILTER_CFG table=filter family=7 entries=4 op=xt_replace pid=1727369 subj=system_u:system_r:initrc_t:s0...

Hello All, We have tried and failed to manage our firewall under Proxmox. We cannot use Proxmox's implementation of a firewall because quite frankly it is junk and overly confusing. When we try to install and use a firewall manager separate from Proxmox to try and take control of our node...

Hello! I own a hosting company and I often face the situation where my clients using weak passwords end up being broken and at the same time my VPSs become the source of scans on other hosting companies. I managed to block through Suricata the situation in which a client scans a certain IP...

Hello :) Is there any way to note in the pve-firewall logs what action (DROP/REJECT/ACCEPT) was taken when it happens on "security groups"? firewall for example: GROUP-default_rules-OUT 04/Apr/2022:10:33:53 +0200 IN=fwbr100i0 OUT=fwbr100i0 PHYSIN=tap100i0 PHYSOUT=fwln100i0...

Hello everyone, according to WIKI the suricata integration take place under /etc/pve/firewall/<VMID>.fw, and the rule will be automatically added to the iptables . It is exactly my case however i am not receiving alerts at Suricata. this is how the rule looks like: 2 NFQUEUE all --...

Hello there, i got an error message i seem to unable to resolve myself: sylux pve-firewall[1416]: status update error: iptables_restore_cmdlist: Another app is currently holding the xtables lock. Perhaps you want to use the -w option? I found another thread here, where ip filtering should be...

This is a POLL thread in an attempt on covering all the models of firewall and Proxmox to help us better guage the future direction which we all collectively think that Proxmox should be supporting. Assumption must be made here for brevity of your reply: you make uses of Debian 10.6 and Proxmox...

Good day all, In the process of upgrading a pve 5 cluster to pve 6 (better late than never). After the corosync upgrade to 3 with all cluster nodes still on pve 5 and online with quorum there was a netwok issue on one of the nodes. All VMs became unreachable for a minute or two and then came...

Hello, I have installed Wireguard in Proxmox KVM virtual Ubuntu Machine, because many changes must be do for running it into a lxc container. My Wireguard works fine clients can connect and everything worked. So my Wireguard VM have a network adapter with a public ip address. So I enabled the...

I did a reboot yesterday....and then: Apr 29 18:05:00 v3 systemd[1]: Starting Proxmox VE replication runner... Apr 29 18:05:01 v3 systemd[1]: Started Proxmox VE replication runner. Apr 29 18:05:07 v3 pve-firewall[36094]: status update error: unable to apply firewall changes Apr 29 18:05:16 v3...

Almost all the time, the load in the atop is about 30% 5239 2577K 0K 0K 25% pve-firewall How can I reduce the load, IO Delay reaches up to 20% Proxmox Virtual Environment 4.2-17/e1400248 ZFS

Hi guys, I'm trying to setup some firewall rules to protect a VM, but I fail badly and don't have a starting point to find out why. The proxmox host has a public IP X.Y.Z.80 from the network X.Y.Z.64/26 The VM uses a bridged network and also has a public IP X.Y.Z.69 I already tried setting...

I am getting this error in the node syslog now, since the last subscription update today. Any help to alleviate this is greatly appreciated. "pve-firewall[13722]: status update error: iptables_restore_cmdlist: Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information."...

Deleted

Just installed from Debian (due to needing a custom partitioning scheme). I installed a similar server last week without issue but ran into this error installing on this system. Upon trying to install proxmox-ve packages, pve-firewall fails to configure because it can't be started...

Hey all, I'm trying to upgrade my Proxmox install, that is running 4.3-9. After the `apt-get upgrade` command, I noticed that two packages weren't installed: `pve-firewall` and `pve-manager`. I tried to upgrade the `pve-manager` first, but it said it was dependent of `pve-firewall`, so I tried...