Config-Files in /etc/pve FILE TO LARGE

V

Virtualizer

Active Member
Dec 19, 2011
90
5
28
Dear,

config-files under /etc/pve cant been bigger as 130.000 bytes! This is a big big problem, for the firewall blacklist!
We will block in this datas of many IPs wich more as 256 kBytes.

So, my questions are:

Is that possible to include a file in the blacklist from other directory, expl in the cluster.fw

Code: 
[OPTIONS]


enable: 1
policy_in: ACCEPT


[ALIASES]


// small entries


[IPSET blacklist] # gesperrte IPs

include(/root/ext_blacklist.txt)

OR how is possible to change, that files can been written more as 130.000 bytes?

Regards


Detlef
 
In this blacklist are blocked users they have hack, create abuse or have create DDoS in last 24 hours on others servers too!
We use here the blacklist from blocklist.de! Their are ca. 13.000 IP - addresses inside and we reduce the IPs to CIDRs and reduce the size from 299015 bytes to 168411 bytes.

We have used before in many servers via route blocking without problems!

Regards


Detlef
 
but why this will been better? Is that only the problem of the filesize, that Proxmox can not handle?
The blacklist feature will been nice, why all containers they get the feature firewalled had then the blacklists inside and the other containers with not featured firewall can been used without the blacklist.

The other questions was before in other forums, is that better via iptables or route?
With iptables the containers need much numiptent and this shull not good over 500 entries or something about the problem of rules in total of the host, this will been frozen the host. With route this was never a problem!

Is in proxmox a include in the blacklist area possible?

Regards

Detlef
 
Virtualizer said:
but why this will been better? Is that only the problem of the filesize, that Proxmox can not handle?
Click to expand...

Yes, pmxcfs cannot handle such large files, that is the problem.

Virtualizer said:
The blacklist feature will been nice, why all containers they get the feature firewalled had then the blacklists inside and the other containers with not featured firewall can been used without the blacklist.

The other questions was before in other forums, is that better via iptables or route?
With iptables the containers need much numiptent and this shull not good over 500 entries or something about the problem of rules in total of the host, this will been frozen the host. With route this was never a problem!
Click to expand...

Not sure what you talk about here? You can also use ipset.

But please lets discuss development related issue on the pve development mailing list. This is the wrong place.

see: http://pve.proxmox.com/wiki/Developer_Documentation

I am sure we will find a solution for that problem.


Is in proxmox a include in the blacklist area possible?

Regards

Detlef[/QUOTE]
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom