[SOLVED] Command firewall VM on proxmox don't work

Domsday2017

New Member
May 11, 2017
Hello @all
I have successfully installed Proxmox 4.4. I also successfully created a connection from the VM to Proxmox.
Now I want to create firewall commands for this VM via the web GUI. I'm trying to block SSH on the installed VM with the code provided by Proxmox (https://pve.proxmox.com/wiki/Firewall).
The problem I encountered was that the command did not work: I could still SSH in as normal even though I have restarted Proxmox.
My process does the following:
My network configuration:
Code:
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet manual
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 8.8.8.8
iface vmbr0 inet manual
        bridge_ports none
        bridge_stp off
        bridge_fd 0

auto vmbr23
iface vmbr23 inet static
        address  103.xxx.xxx.23
        netmask  255.255.255.128
        gateway  103.xxx.xxx.1
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0
auto eth1
iface eth1 inet static
        address 10.xxx.xxx.23
        netmask 255.255.255.0

post-up echo 1 > /proc/sys/net/ipv4/conf/vmbr23/proxy_arp
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
First, I enabled the firewall at the datacenter:
Code:
[OPTIONS]

enable: 1
policy_in: ACCEPT
Then I checked whether the Proxmox firewall server was enabled, and it was enabled.
Next I activated the firewall on the VM and added the following code:
Code:
root@server:~# cat /etc/pve/firewall/100.fw
[OPTIONS]
policy_in: ACCEPT
enable: 1
[RULES]

OUT ACCEPT
IN SSH(ACCEPT) -i net0 
IN SSH(ACCEPT) -i net0 -source 192.168.2.192 # only allow SSH from  192.168.2.192
IN SSH(ACCEPT) -i net0 -source 10.0.0.1-10.0.0.10 # accept SSH for ip in range 10.0.0.1 to 10.0.0.10
IN ACCEPT
Then I proceeded to restart the Proxmox server. Then I checked that SSH can't connect when I use an IP not in the rule, but I can still SSH successfully. Can you help me pinpoint why the command does not work?
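To see how an inbound SSH connection is judged against a rule list like the one in this post, here is an added example (not part of the original post and not Proxmox code). It assumes a simplified model: IN rules are checked top to bottom, the first match decides, and policy_in applies when nothing matches. The TIGHTENED rule set, the function names and the 203.0.113.5 test address are constructed for illustration.

```python
import ipaddress

# [RULES] body as posted above, and a constructed tightened variant (assumption).
POSTED = """OUT ACCEPT
IN SSH(ACCEPT) -i net0
IN SSH(ACCEPT) -i net0 -source 192.168.2.192 # only allow SSH from 192.168.2.192
IN SSH(ACCEPT) -i net0 -source 10.0.0.1-10.0.0.10 # accept SSH for ip in range
IN ACCEPT"""
TIGHTENED = """IN SSH(ACCEPT) -i net0 -source 192.168.2.192
IN SSH(ACCEPT) -i net0 -source 10.0.0.1-10.0.0.10"""

def parse_rules(text):
    """Parse IN rules into (macro, action, source); only fields used in this post."""
    rules = []
    for line in text.splitlines():
        tok = line.split("#")[0].split()
        if not tok or tok[0] != "IN":
            continue                      # skip blank lines and OUT rules
        if tok[1].startswith("SSH("):
            macro, action = "SSH", tok[1][4:-1]
        else:
            macro, action = None, tok[1]  # no macro: rule covers any traffic
        source = tok[tok.index("-source") + 1] if "-source" in tok else None
        rules.append((macro, action, source))
    return rules

def source_matches(source, ip):
    if source is None:
        return True                       # no -source: every address matches
    addr = ipaddress.ip_address(ip)
    if "-" in source:                     # range form, e.g. 10.0.0.1-10.0.0.10
        lo, hi = (ipaddress.ip_address(p) for p in source.split("-"))
        return lo <= addr <= hi
    return addr in ipaddress.ip_network(source, strict=False)

def verdict(rules, policy_in, ip, is_ssh=True):
    """Return (action, rule_index); rule_index is None when policy_in decided."""
    for i, (macro, action, source) in enumerate(rules):
        if (macro is None or is_ssh) and source_matches(source, ip):
            return action, i              # first matching rule decides
    return policy_in, None

if __name__ == "__main__":
    outsider = "203.0.113.5"              # constructed address outside both sources
    print("posted:   ", verdict(parse_rules(POSTED), "ACCEPT", outsider))
    print("tightened:", verdict(parse_rules(TIGHTENED), "DROP", outsider))
```

Under this model the posted list accepts the outside address at the first IN rule, which has no `-source`, before the source-restricted rules are ever consulted.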
 
