[SOLVED] Command firewall VM on proxmox don't work

Domsday2017

May 11, 2017
Hello @all
I have successfully installed Proxmox 4.4. I also created a successful connection from the VM to Proxmox.
Now I want to create firewall commands for this VM via the Web GUI. I'm trying to block SSH on the installed VM with the code provided by Proxmox (https://pve.proxmox.com/wiki/Firewall).
The problem I encountered was that the command did not work: I could still SSH in as normal even though I had restarted Proxmox.
My process was as follows:
My network configuration:
Code:
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet manual
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 8.8.8.8
iface vmbr0 inet manual
        bridge_ports none
        bridge_stp off
        bridge_fd 0

auto vmbr23
iface vmbr23 inet static
        address  103.xxx.xxx.23
        netmask  255.255.255.128
        gateway  103.xxx.xxx.1
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0
auto eth1
iface eth1 inet static
        address 10.xxx.xxx.23
        netmask 255.255.255.0

post-up echo 1 > /proc/sys/net/ipv4/conf/vmbr23/proxy_arp
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
First, I enabled the firewall at the datacenter:
Code:
[OPTIONS]

enable: 1
policy_in: ACCEPT
Then I checked that the Proxmox firewall server was enabled, and it was.
Next I activated the firewall at the VM and added the following code:
Code:
root@server:~# cat /etc/pve/firewall/100.fw
[OPTIONS]
policy_in: ACCEPT
enable: 1
[RULES]

OUT ACCEPT
IN SSH(ACCEPT) -i net0 
IN SSH(ACCEPT) -i net0 -source 192.168.2.192 # only allow SSH from  192.168.2.192
IN SSH(ACCEPT) -i net0 -source 10.0.0.1-10.0.0.10 # accept SSH for ip in range 10.0.0.1 to 10.0.0.10
IN ACCEPT
Then I proceeded to restart the Proxmox server. Then I checked that SSH can't connect when I use an IP not in the rule, but I can still SSH in successfully. Can you help me pinpoint why the command does not work?
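
Added example, not part of the original post and not Proxmox code: a simplified first-match model of the [RULES] section above, assuming rules are checked top to bottom and policy_in applies only when no rule matches. It handles only the syntax used in this post; the 203.0.113.5 and 10.0.0.5 test sources and the SCOPED_FW variant are constructed for comparison.

```python
import ipaddress

def parse_fw(text):
    """Parse a simplified subset of a VM .fw file into (policy_in, rules)."""
    policy, rules, section = "DROP", [], None  # assumed default when unset
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("["):
            section = line.strip("[]").upper()
        elif section == "OPTIONS" and line.startswith("policy_in:"):
            policy = line.split(":", 1)[1].strip()
        elif section == "RULES":
            tok = line.split()
            macro, _, action = tok[1].rstrip(")").rpartition("(")
            opts = dict(zip(tok[2::2], tok[3::2]))
            rules.append((tok[0], macro or None, action, opts.get("-source")))
    return policy, rules

def source_matches(spec, ip):
    """spec is None (any source), a single IP, a CIDR, or a 'low-high' range."""
    if spec is None:
        return True
    addr = ipaddress.ip_address(ip)
    if "-" in spec:
        lo, hi = (ipaddress.ip_address(p) for p in spec.split("-"))
        return lo <= addr <= hi
    return addr in ipaddress.ip_network(spec, strict=False)

def verdict(text, ip, macro="SSH"):
    """First matching IN rule decides; if none matches, policy_in applies."""
    policy, rules = parse_fw(text)
    for n, (direction, rmacro, action, src) in enumerate(rules, 1):
        if direction == "IN" and rmacro in (None, macro) and source_matches(src, ip):
            return action, f"rule {n}"
    return policy, "policy_in"

HEAD = "[OPTIONS]\npolicy_in: {}\nenable: 1\n[RULES]\nOUT ACCEPT\n"
SCOPED = ("IN SSH(ACCEPT) -i net0 -source 192.168.2.192\n"
          "IN SSH(ACCEPT) -i net0 -source 10.0.0.1-10.0.0.10\n")
# Rule set as posted above.
POSTED_FW = HEAD.format("ACCEPT") + "IN SSH(ACCEPT) -i net0\n" + SCOPED + "IN ACCEPT\n"
# Constructed variant (assumption): only the scoped rules, default-deny inbound.
SCOPED_FW = HEAD.format("DROP") + SCOPED

if __name__ == "__main__":
    for name, fw in (("posted", POSTED_FW), ("scoped", SCOPED_FW)):
        for ip in ("203.0.113.5", "192.168.2.192", "10.0.0.5"):  # constructed sources
            print(name, ip, *verdict(fw, ip))
```

Under this model the posted rule set accepts SSH from any source at its first IN rule, before the source-restricted rules are reached, while the scoped variant falls through to policy_in for sources outside the two listed ranges.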