-

there is no need restart the "networking" service (which you should probably never do) just for modifying iptables rules Oo - modify them in your network/interfaces files for the next reboot, and then modify the currently loaded set at as well (with the "iptables" and friends binaries).
 
Putting them into /etc/network/interfaces is for persistence (i.e., when bringing up/down the interfaces manually or upon reboot). If you want to change rules, you don't want to bring down your interfaces (or the whole networking stack) - so you apply your changes to the currently loaded tables. That's just how it works (the pve-firewall also regenerates the rules and re-applies them upon changes).

You just have to be careful about the order of loaded rules when modifying the existing ruleset.

When you restart the networking service, you effectively kill all connections on the bridge, so it's no wonder that stuff breaks.
 
iptables-save and -restore are part of iptables, not iptables-persistent. but yes, that should work (note that your syntax is wrong, you want "iptables-save > my-rules" and "iptables-restore < my-rules"). pve-firewall might need a few seconds to reset its rules afterwards, just like when you change the firewall settings in PVE itself.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back