Cluster Firewall

Jul 26, 2021
Hi Guys,

I have a 4-server cluster. I am trying to apply a firewall rule to block 1 IP range from interacting with or accessing another, but I am unable to do so. I have been scratching my head since morning; if someone can enlighten me a bit it would be great. The firewall is enabled on Datacenter -> Node -> VM also, but I am still unable to make the rule take effect on the VM. pve-firewall status also shows running.

Currently using the latest Proxmox version, 7.2-7, with a bridge network; DHCP is managed by the switch.

Trying to block the 10.250.0.3 (vm-ip) subnet from accessing 10.250.50.0/23 (mgmt-ip), which includes blocking the Proxmox GUI as well.

Attached is the FW rule along with the cluster FW config.

Code:
[OPTIONS]
enable: 1

[IPSET dns]
10.250.0.2

[IPSET mgmt-ip] # 0.x Segment
10.250.0.0/23 # 0 Segmentation(mgmt)

[IPSET nfs-ip]
10.250.2.10

[IPSET vm-ip] # 50.x Segment
10.250.50.0/23 # 50.x Segment IP (VMs)

[IPSET vpn-ip] # VPN segment
10.250.1.0/24

[RULES]
IN ACCEPT -source +vpn-ip -p tcp -dport 22,8006 -log nolog
IN DROP -source +vm-ip -dest +mgmt-ip -log nolog # disable play seg to mgmt seg
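
An added example, not part of the original post: a check of the posted [IPSET] definitions with Python's ipaddress module, reporting which sets cover a given address and which sets share addresses. The function names are hypothetical, and the script only does CIDR arithmetic; it does not model how pve-firewall applies rules.

```python
import ipaddress
import re
from itertools import combinations

# The [IPSET] sections copied from the config posted above.
CLUSTER_FW = """\
[IPSET dns]
10.250.0.2
[IPSET mgmt-ip] # 0.x Segment
10.250.0.0/23 # 0 Segmentation(mgmt)
[IPSET nfs-ip]
10.250.2.10
[IPSET vm-ip] # 50.x Segment
10.250.50.0/23 # 50.x Segment IP (VMs)
[IPSET vpn-ip] # VPN segment
10.250.1.0/24
"""

def parse_ipsets(text):
    """Return {set_name: [ip_network, ...]} from the [IPSET ...] sections."""
    ipsets, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        header = re.fullmatch(r"\[(\w+)(?:\s+(\S+))?\]", line)
        if header:
            # Entries under any non-IPSET section ([OPTIONS], [RULES]) are skipped.
            is_ipset = header.group(1).upper() == "IPSET"
            current = ipsets.setdefault(header.group(2), []) if is_ipset else None
        elif current is not None:
            current.append(ipaddress.ip_network(line, strict=False))
    return ipsets

def sets_containing(ipsets, address):
    """Names of every IPSET whose entries cover the given address."""
    ip = ipaddress.ip_address(address)
    return sorted(n for n, nets in ipsets.items() if any(ip in net for net in nets))

def overlapping_sets(ipsets):
    """Pairs of IPSET names that share at least one address."""
    return sorted((a, b) for a, b in combinations(sorted(ipsets), 2)
                  if any(x.overlaps(y) for x in ipsets[a] for y in ipsets[b]))

if __name__ == "__main__":
    sets = parse_ipsets(CLUSTER_FW)
    print("10.250.0.3 is in:", sets_containing(sets, "10.250.0.3"))
    print("overlapping sets:", overlapping_sets(sets))
```

Run against the config as posted, 10.250.0.3 falls inside mgmt-ip (10.250.0.0/23) rather than vm-ip, and the vpn-ip range 10.250.1.0/24 lies entirely within mgmt-ip.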
 
