1. H

    PVE-Firewall - logs missing

    Hello, I am running a PVE 8.2.2 cluster on three nodes. I've enabled the firewall at the datacenter level, on each host and at VM level. The rules seems to be working fine. The only thing that I'm not seeing is any logs. I have even tried to enable the log_level_in and log_level_out to debug...
  2. Z

    Where is the location and name of pve-firewall.log configured?

    Happy pi-day! I am using my own firewall setup with own logs and noticed that some stuff still gets logged to the proxmox default location (which is displayed in the user interface under Firewall->log Can anybody tell me where I can change this? I'd like to have all logs in one file. kind...
  3. M

    pve-firewall cannot be used because fragmented packets are not supported

    Hello all, we operate a proxmox cluster with 3 nodes. The network settings look like this on all 3 nodes: As you see the bridge ist VLAN aware. We need this, because some of our machines need access to more than 32 VLANs, but we cannot add more than 32 NICs. So the VMs then have 1 interface...
  4. F

    Netfilter Syslog Spam

    Hallo zusammen, kann mir jemand erklären warum ich alle 5-10 Sekunden folgende Nachrichten im Syslog habe, bzw. wo es her kommen könnte? Lässt sich das abschalten? Jul 22 01:54:09 root2: NETFILTER_CFG table=filter family=7 entries=4 op=xt_replace pid=1727369 subj=system_u:system_r:initrc_t:s0...
  5. J

    Is PVE-Firewall required?

    Hello All, We have tried and failed to manage our firewall under Proxmox. We cannot use Proxmox's implementation of a firewall because quite frankly it is junk and overly confusing. When we try to install and use a firewall manager separate from Proxmox to try and take control of our node...
  6. F

    Counting remote accessed hosts

    Hello! I own a hosting company and I often face the situation where my clients using weak passwords end up being broken and at the same time my VPSs become the source of scans on other hosting companies. I managed to block through Suricata the situation in which a client scans a certain IP...
  7. F

    Log action for security group

    Hello :) Is there any way to note in the pve-firewall logs what action (DROP/REJECT/ACCEPT) was taken when it happens on "security groups"? firewall for example: GROUP-default_rules-OUT 04/Apr/2022:10:33:53 +0200 IN=fwbr100i0 OUT=fwbr100i0 PHYSIN=tap100i0 PHYSOUT=fwln100i0...
  8. bfwdd

    Suricata Integration / Firewall Iptables

    Hello everyone, according to WIKI the suricata integration take place under /etc/pve/firewall/<VMID>.fw, and the rule will be automatically added to the iptables . It is exactly my case however i am not receiving alerts at Suricata. this is how the rule looks like: 2 NFQUEUE all --...
  9. B

    xtables lock iptables pve-firewall problem?

    Hello there, i got an error message i seem to unable to resolve myself: sylux pve-firewall[1416]: status update error: iptables_restore_cmdlist: Another app is currently holding the xtables lock. Perhaps you want to use the -w option? I found another thread here, where ip filtering should be...
  10. E

    POLL: Current Firewall Design, what is your ...

    This is a POLL thread in an attempt on covering all the models of firewall and Proxmox to help us better guage the future direction which we all collectively think that Proxmox should be supporting. Assumption must be made here for brevity of your reply: you make uses of Debian 10.6 and Proxmox...
  11. R

    pve-firewall restarting server to reduce memory usage

    Good day all, In the process of upgrading a pve 5 cluster to pve 6 (better late than never). After the corosync upgrade to 3 with all cluster nodes still on pve 5 and online with quorum there was a netwok issue on one of the nodes. All VMs became unreachable for a minute or two and then came...
  12. R

    Wireguard with Proxmox KVM Machine and Proxmox Firewall

    Hello, I have installed Wireguard in Proxmox KVM virtual Ubuntu Machine, because many changes must be do for running it into a lxc container. My Wireguard works fine clients can connect and everything worked. So my Wireguard VM have a network adapter with a public ip address. So I enabled the...
  13. Y

    [SOLVED] pve-firewall problem

    I did a reboot yesterday....and then: Apr 29 18:05:00 v3 systemd[1]: Starting Proxmox VE replication runner... Apr 29 18:05:01 v3 systemd[1]: Started Proxmox VE replication runner. Apr 29 18:05:07 v3 pve-firewall[36094]: status update error: unable to apply firewall changes Apr 29 18:05:16 v3...
  14. S

    pve-firewall disk usage 30%

    Almost all the time, the load in the atop is about 30% 5239 2577K 0K 0K 25% pve-firewall How can I reduce the load, IO Delay reaches up to 20% Proxmox Virtual Environment 4.2-17/e1400248 ZFS
  15. S

    [SOLVED] PVE-Firewall doesn't have any effect

    Hi guys, I'm trying to setup some firewall rules to protect a VM, but I fail badly and don't have a starting point to find out why. The proxmox host has a public IP X.Y.Z.80 from the network X.Y.Z.64/26 The VM uses a bridged network and also has a public IP X.Y.Z.69 I already tried setting...
  16. T

    [SOLVED] * * * Firewall error in node syslog * * *

    I am getting this error in the node syslog now, since the last subscription update today. Any help to alleviate this is greatly appreciated. "pve-firewall[13722]: status update error: iptables_restore_cmdlist: Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information."...
  17. G

    NAT + Firewall

  18. D

    [SOLVED] Failed to start Proxmox VE firewall.

    Just installed from Debian (due to needing a custom partitioning scheme). I installed a similar server last week without issue but ran into this error installing on this system. Upon trying to install proxmox-ve packages, pve-firewall fails to configure because it can't be started...
  19. H

    [SOLVED] pve-firewall blocking upgrade

    Hey all, I'm trying to upgrade my Proxmox install, that is running 4.3-9. After the `apt-get upgrade` command, I noticed that two packages weren't installed: `pve-firewall` and `pve-manager`. I tried to upgrade the `pve-manager` first, but it said it was dependent of `pve-firewall`, so I tried...
  20. B

    Firewalling question - securing the management interfaces

    Hello, I've got a Proxmox server that I need to connect to the internet directly (it is a hosted dedicated server). I then have a single IPv4 and IPv6 addresses provided by the hosting provider which will be assigned to this server. An additional IPv4 subnet and additional IPv6 subnets will be...


The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!