Block VM from accessing private IPs (proxmox nodes and switches)

[harmonyp]

I want to block virtual machines from being able to connect to proxmox interfaces on https://10.0.12.100:8006 for example. I've only tried the following which blocked all access not just the VMs.

[/code][RULES]

IN ACCEPT -i vmbr1 -source 10.0.12.0/24 -log nolog[/code]

If possible I want it to be a cluster wide rule rather than creating the rule for each virtual machine. I know I can do this other ways through external firewalls/Pfsense but hoping I can just do it at the proxmox firewall level.

 

[aderumier]

I want to block virtual machines from being able to connect to proxmox interfaces on https://10.0.12.100:8006 for example. I've only

If possible I want it to be a cluster wide rule rather than creating the rule for each virtual machine. I know I can do this other ways through external firewalls/Pfsense but hoping I can just do it at the proxmox firewall level.

You need to create a security group with the blocking rule and add it in all yours vms.

 

[harmonyp]

You need to create a security group with the blocking rule and add it in all yours vms.

Ok thanks might be a silly question but if I block 10.0.10.0/24 would that cause any issues if the virtual machine wanted to run something locally on any IP in that range? Example a lot of VPN install scripts would use 10.0.10.x as an IP

 

[harmonyp]

Does this look ok?

[group blockbackend]

OUT DROP -dest 10.0.10.229 -log nolog
OUT DROP -dest 10.0.10.222 -log nolog
OUT DROP -dest 10.0.10.221 -log nolog
OUT DROP -dest 10.0.10.220 -log nolog