Are Datacenter firewall rules copied to nodes ?

[proxbob]

Hi,
Are rules on the Datacenter copied to hosts ? I don't need to copy them manualy ?
For example, if I have a rule in datacenter that allow a and b, and deny x and y, are a and b allowed in the node and x and y denied ?
I have to simply "enable" the firewall on the node to get this rules copied ?

Also, are they copied to containers and VMs ?

Regards,

 

[wosp]

Yes, datacenter firewall rules are applied to all nodes in the cluster. You can check with "iptables -L" on each node.

I don't use containers, so I can't tell you for sure, but datacenter firewall rules aren't applied to KVM VM's and I think also not to containers. Also check with "iptables -L" on the container and KVM VM to be sure.

 

[esallenave]

Hi,
Applied to all nodes unless you overwrite dc rules from a given firewall node.
Read this: https://pve.proxmox.com/wiki/Proxmox_VE_Firewall
You will have clear answers to your questions.
Bye
Eric