Block VM from accessing private IPs (proxmox nodes and switches)

harmonyp

Member
Nov 26, 2020
I want to block virtual machines from being able to connect to Proxmox interfaces, on https://10.0.12.100:8006 for example. I've only tried the following, which blocked all access, not just the VMs.

Code:
[RULES]

IN ACCEPT -i vmbr1 -source 10.0.12.0/24 -log nolog

If possible, I want it to be a cluster-wide rule rather than creating the rule for each virtual machine. I know I can do this other ways through external firewalls/pfSense, but I'm hoping I can just do it at the Proxmox firewall level.
 
You need to create a security group with the blocking rule and add it to all your VMs.
 
OK, thanks. Might be a silly question, but if I block 10.0.10.0/24, would that cause any issues if the virtual machine wanted to run something locally on any IP in that range? For example, a lot of VPN install scripts would use 10.0.10.x as an IP.
 
Does this look ok?

Code:
[group blockbackend]

OUT DROP -dest 10.0.10.229 -log nolog
OUT DROP -dest 10.0.10.222 -log nolog
OUT DROP -dest 10.0.10.221 -log nolog
OUT DROP -dest 10.0.10.220 -log nolog
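
A way to check that the group actually reaches every VM, as an added example that is not part of the thread: it parses firewall file text in the format shown above, lists the destinations the group drops, and reports VMs that do not reference the group or have their firewall disabled. The file contents and VM IDs are constructed; on a real node the text would come from /etc/pve/firewall/cluster.fw and /etc/pve/firewall/<VMID>.fw, and the per-NIC firewall flag is not checked here.

```python
import ipaddress
import re
# Constructed sample: cluster-level file holding the group from the thread.
CLUSTER_FW = """[group blockbackend]
OUT DROP -dest 10.0.10.229 -log nolog
OUT DROP -dest 10.0.10.222 -log nolog
OUT DROP -dest 10.0.10.221 -log nolog
OUT DROP -dest 10.0.10.220 -log nolog
"""
# Constructed per-VM files; the VM IDs and their contents are made up.
VM_FW = {
    "100": "[OPTIONS]\nenable: 1\n\n[RULES]\nGROUP blockbackend\n",
    "101": "[OPTIONS]\nenable: 1\n\n[RULES]\nIN ACCEPT -p tcp -dport 22\n",
    "102": "[OPTIONS]\nenable: 0\n\n[RULES]\nGROUP blockbackend\n",
}

def sections(text):
    """Split a firewall file into {lowercased section header: [lines]}."""
    out, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            out[current] = []
        elif line and not line.startswith("#") and current is not None:
            out[current].append(line)
    return out

def group_drop_targets(cluster_text, group):
    """Networks matched by the group's active OUT DROP rules."""
    rules = sections(cluster_text).get(f"group {group.lower()}", [])
    hits = (re.match(r"OUT\s+DROP\b.*?-dest\s+(\S+)", r) for r in rules)
    return [ipaddress.ip_network(m.group(1), strict=False) for m in hits if m]

def vm_gaps(vm_files, group):
    """Map VM ID -> reason the group does not protect that VM."""
    gaps = {}
    for vmid, text in vm_files.items():
        sec = sections(text)
        if not any(re.fullmatch(r"enable:\s*1", o) for o in sec.get("options", [])):
            gaps[vmid] = "firewall disabled"
        elif not any(r.split()[:2] == ["GROUP", group] for r in sec.get("rules", [])):
            gaps[vmid] = "group not referenced"
    return gaps

def is_blocked(dest, nets):
    """True if dest falls inside any network the group drops."""
    return any(ipaddress.ip_address(dest) in net for net in nets)
```

With host-specific rules like these, only the four listed addresses match; other addresses in 10.0.10.x are not matched by the group.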
