[SOLVED] Can't get firewall to block traffic

[nck]

Hey,

I am running Proxmox VE 3.4-6 with some hosts as Virtual Machine. On my top-most node I "enabled" the firewall and added a security group, that's "enabled" to. For testing purposes I added a rule to reject all incoming SSH-traffic. (Direction: In, Macro: SSH, Action: Reject, Enabled: Ticked).

On my first node I enabled the firewall, too. On my testing host I enabled the firewall, too, and under "rules" I added the security group specified above and "enabled" it, too. I left "interface" blank. I also enabled logging_in and logging_out and set it to "info"-level.

Now I am checking the port from outside (using www*youtgetsignal*com/tools/open-ports). I entered my IP-address and port 22.

But it's still open and there are no logging events in the log.

What am I doing wrong?

Thanks in advance,

cheers!

 

[t.lamprecht]

Have you also enabled it in the firewall tab on the "Datacenter" level?

 

[nck]

yes, I enabled it three times - on Datacenter level, one level beyond, my vm-container and last but not least on the host.

 

[t.lamprecht]

Is it also enabled on the network interface in the hardware Tab? This bit me some time ago.

 

[nck]

Thank you so much. It wasn't enabled. Its working now!

(is that some kind of feature, 4 confirmations in a row? ^^)

 

[t.lamprecht]

Haha, no problem


First I though that also for a moment, but it makes sense though, you can configure it for every level and interface separately, which is nice to have. Also Datacenter level normally has to be enabled only once in a clusters lifetime and node level is default already enabled...^^