Block VM from accessing private IPs (proxmox nodes and switches)

harmonyp

Member
Nov 26, 2020
160
3
23
44
I want to block virtual machines from being able to connect to proxmox interfaces on https://10.0.12.100:8006 for example. I've only tried the following which blocked all access not just the VMs.

[/code][RULES]

IN ACCEPT -i vmbr1 -source 10.0.12.0/24 -log nolog[/code]

If possible I want it to be a cluster wide rule rather than creating the rule for each virtual machine. I know I can do this other ways through external firewalls/Pfsense but hoping I can just do it at the proxmox firewall level.
 

aderumier

Active Member
May 14, 2013
207
19
38
I want to block virtual machines from being able to connect to proxmox interfaces on https://10.0.12.100:8006 for example. I've only

If possible I want it to be a cluster wide rule rather than creating the rule for each virtual machine. I know I can do this other ways through external firewalls/Pfsense but hoping I can just do it at the proxmox firewall level.
You need to create a security group with the blocking rule and add it in all yours vms.
 

harmonyp

Member
Nov 26, 2020
160
3
23
44
You need to create a security group with the blocking rule and add it in all yours vms.
Ok thanks might be a silly question but if I block 10.0.10.0/24 would that cause any issues if the virtual machine wanted to run something locally on any IP in that range? Example a lot of VPN install scripts would use 10.0.10.x as an IP
 

harmonyp

Member
Nov 26, 2020
160
3
23
44
Does this look ok?

Code:
[group blockbackend]

OUT DROP -dest 10.0.10.229 -log nolog
OUT DROP -dest 10.0.10.222 -log nolog
OUT DROP -dest 10.0.10.221 -log nolog
OUT DROP -dest 10.0.10.220 -log nolog

a7d788beb48bf354b8308613c1c058b6.png
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!