Change Proxmox 4 default Firewall Rules?

Hello Dietmar.

No, it does not work either with GRE-Tunneling, but how do i modify the default rules in general?
I would like to use the firewall-feature, but if i enable the firewall openvswitch over GRE stops working.

Do you have any helpful idea for me?

Regards,
Oliver
 
No, it does not work either with GRE-Tunneling, but how do i modify the default rules in general?

Those rules are hard coded, so you cannot change them. We need to find a generic solution, so that we can include
that in the default rules.
 
Hello,
Same here.
I'm building a cluster hosted by a provider which forbids multicast on the private network.
The workaround was to setup a GRE tunnel between the hosts, which worked perfectly until i enabled pve-firewall.
The firewall completely broke the GRE tunnel.
Switching the tunnel to VXLAN (unicast, but makes multicast work inside the tunnel) instead of GRE "fixed" the issue, the cluster and the firewall are working without any hack.
GRE is still useful in some cases, it would be great if it could be fixed :)
Hope that helps,
Thank you.
 
It did.

root@PVE001:~# lsmod |grep -i gre
nf_conntrack_proto_gre 16384 0
nf_conntrack 106496 4 nf_conntrack_proto_gre,xt_conntrack,nf_conntrack_ipv4,nf_conntrack_ipv6
ip_gre 20480 0
ip_tunnel 28672 1 ip_gre
gre 16384 1 ip_gre

With this module loaded, tunnel, cluster and firewall are ok.
Should have tried this first.
At least i learned this kind of setup also works with vxlan :)
Thanks for your help.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!