pve-firewall

Hello All, We have tried and failed to manage our firewall under Proxmox. We cannot use Proxmox's implementation of a firewall because quite frankly it is junk and overly confusing. When we try to install and use a firewall manager separate from Proxmox to try and take control of our node...

Hello! I own a hosting company and I often face the situation where my clients using weak passwords end up being broken and at the same time my VPSs become the source of scans on other hosting companies. I managed to block through Suricata the situation in which a client scans a certain IP...

Hello :) Is there any way to note in the pve-firewall logs what action (DROP/REJECT/ACCEPT) was taken when it happens on "security groups"? firewall for example: GROUP-default_rules-OUT 04/Apr/2022:10:33:53 +0200 IN=fwbr100i0 OUT=fwbr100i0 PHYSIN=tap100i0 PHYSOUT=fwln100i0...

Hello everyone, according to WIKI the suricata integration take place under /etc/pve/firewall/<VMID>.fw, and the rule will be automatically added to the iptables . It is exactly my case however i am not receiving alerts at Suricata. this is how the rule looks like: 2 NFQUEUE all --...

Hello there, i got an error message i seem to unable to resolve myself: sylux pve-firewall[1416]: status update error: iptables_restore_cmdlist: Another app is currently holding the xtables lock. Perhaps you want to use the -w option? I found another thread here, where ip filtering should be...

This is a POLL thread in an attempt on covering all the models of firewall and Proxmox to help us better guage the future direction which we all collectively think that Proxmox should be supporting. Assumption must be made here for brevity of your reply: you make uses of Debian 10.6 and Proxmox...

Good day all, In the process of upgrading a pve 5 cluster to pve 6 (better late than never). After the corosync upgrade to 3 with all cluster nodes still on pve 5 and online with quorum there was a netwok issue on one of the nodes. All VMs became unreachable for a minute or two and then came...

Hello, I have installed Wireguard in Proxmox KVM virtual Ubuntu Machine, because many changes must be do for running it into a lxc container. My Wireguard works fine clients can connect and everything worked. So my Wireguard VM have a network adapter with a public ip address. So I enabled the...

I did a reboot yesterday....and then: Apr 29 18:05:00 v3 systemd[1]: Starting Proxmox VE replication runner... Apr 29 18:05:01 v3 systemd[1]: Started Proxmox VE replication runner. Apr 29 18:05:07 v3 pve-firewall[36094]: status update error: unable to apply firewall changes Apr 29 18:05:16 v3...

Almost all the time, the load in the atop is about 30% 5239 2577K 0K 0K 25% pve-firewall How can I reduce the load, IO Delay reaches up to 20% Proxmox Virtual Environment 4.2-17/e1400248 ZFS

Hi guys, I'm trying to setup some firewall rules to protect a VM, but I fail badly and don't have a starting point to find out why. The proxmox host has a public IP X.Y.Z.80 from the network X.Y.Z.64/26 The VM uses a bridged network and also has a public IP X.Y.Z.69 I already tried setting...

I am getting this error in the node syslog now, since the last subscription update today. Any help to alleviate this is greatly appreciated. "pve-firewall[13722]: status update error: iptables_restore_cmdlist: Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information."...

Deleted

Just installed from Debian (due to needing a custom partitioning scheme). I installed a similar server last week without issue but ran into this error installing on this system. Upon trying to install proxmox-ve packages, pve-firewall fails to configure because it can't be started...

Hey all, I'm trying to upgrade my Proxmox install, that is running 4.3-9. After the `apt-get upgrade` command, I noticed that two packages weren't installed: `pve-firewall` and `pve-manager`. I tried to upgrade the `pve-manager` first, but it said it was dependent of `pve-firewall`, so I tried...

Hello, I've got a Proxmox server that I need to connect to the internet directly (it is a hosted dedicated server). I then have a single IPv4 and IPv6 addresses provided by the hosting provider which will be assigned to this server. An additional IPv4 subnet and additional IPv6 subnets will be...

Hello, I using a 3 Node Proxmox 4.1 Cluster with PVE-Firewall. The BSI Team makes a Pentest on my Server and have reported, that rpcbind and squid-http port is open. So i think ok, and add rules to drop the ports 111 and 3128 tcp/udp. But the Firewall doesn't block the Ports (other Settings...