Hello @all
I have successfully installed proxmox 4.4.I also created a successful connection from VM to Proxmox.
Now I want to create firewall commands for this VM via Web GUI. I'm trying to block ssh with the code provided by the proxmox on the installed VM ( https://pve.proxmox.com/ wiki/ Firewall)
My problem encountered was that the command did not work, I could still ssh into normal despite I have restarted proxmox.
My process does the following:
My network configuration:
First, I enabled the firewall at the datacenter:
Then I checked that the proxmox firewall server was enabled and it was enabled.
Next I activate the firewall at vm and add the following code:
Then I proceeded to restart proxmox server, then I checked ssh cann't connect when I use an ip not in the rule but i am still ssh successful. Can you help me pinpoint why the command does not work?
I have successfully installed proxmox 4.4.I also created a successful connection from VM to Proxmox.
Now I want to create firewall commands for this VM via Web GUI. I'm trying to block ssh with the code provided by the proxmox on the installed VM ( https://pve.proxmox.com/ wiki/ Firewall)
My problem encountered was that the command did not work, I could still ssh into normal despite I have restarted proxmox.
My process does the following:
My network configuration:
Code:
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet manual
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 8.8.8.8
iface vmbr0 inet manual
bridge_ports none
bridge_stp off
bridge_fd 0
auto vmbr23
iface vmbr23 inet static
address 103.xxx.xxx.23
netmask 255.255.255.128
gateway 103.xxx.xxx.1
bridge_ports eth0
bridge_stp off
bridge_fd 0
auto eth1
iface eth1 inet static
address 10.xxx.xxx.23
netmask 255.255.255.0
post-up echo 1 > /proc/sys/net/ipv4/conf/vmbr23/proxy_arp
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
Code:
[OPTIONS]
enable: 1
policy_in: ACCEPTNext I activate the firewall at vm and add the following code:
Code:
root@server:~# cat /etc/pve/firewall/100.fw
[OPTIONS]
policy_in: ACCEPT
enable: 1
[RULES]
OUT ACCEPT
IN SSH(ACCEPT) -i net0
IN SSH(ACCEPT) -i net0 -source 192.168.2.192 # only allow SSH from 192.168.2.192
IN SSH(ACCEPT) -i net0 -source 10.0.0.1-10.0.0.10 # accept SSH for ip in range 10.0.0.1 to 10.0.0.10
IN ACCEPT