Control chain PVEFW-FWBR-IN from PVE WebUI

stefws

Jan 29, 2015
Trying to grasp how to use the firewall of PVE.

Got a PVE cluster which only holds one tenant/application and am trying to replicate rules from a former central FW for this.

Have defined global ipsets and security groups at Datacenter level.

Adding rules at Datacenter level end up in the PVEFW-HOST-IN chain,
where they won't filter traffic from outside-world to VM (untrusted vs trusted).

Such would need to go into the PVEFW-FWBR-IN chain right?

From where in the PVE WebUI is this chain content controlled?

Do I need to replicate rules per VM or could I simulate former central FW rules at each hypervisor node level?

What is the purpose of the smurfs filter?
 
Seems per-VM rules go into the PVEFW-FWBR chains. Meaning, to simulate the former central rules, I need to duplicate the former central rules for every VM, right?
 
I define a security group at Datacenter level and add it to several VM rule sets, only I don't see this group show up in iptables and in the rule set for the referencing VMs... wondering why not?
 
What would be the purpose of having rules at hypervisor node level, i.e. what's the use case compared with Datacenter and VM level rules?
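The two configuration files the WebUI edits behind the scenes, as an added example that is not part of the original post: a security group defined once in the Datacenter-level file and referenced from one VM's file. The group and IP set names, VM id 100 and the addresses are constructed for illustration.

```ini
# /etc/pve/firewall/cluster.fw  (Datacenter level; constructed example)
[OPTIONS]
enable: 1

# IP set of the management hosts (constructed addresses)
[IPSET management]
192.0.2.10
198.51.100.0/24

# Security group: the former central FW's "web server" rule set,
# defined once here and referenced from each VM that needs it
[group webservers]
IN ACCEPT -p tcp -dport 80
IN ACCEPT -p tcp -dport 443
IN ACCEPT -p tcp -dport 22 -source +management

# /etc/pve/firewall/100.fw  (VM level; one such file per VM)
[OPTIONS]
# The group is only rendered into the VM's iptables chains once the
# VM firewall itself is enabled here ...
enable: 1
policy_in: DROP

[RULES]
# ... and the VM's NIC has firewall=1 set in its net0 line
# (e.g. net0: virtio=...,bridge=vmbr0,firewall=1); otherwise the
# reference below is silently inert.
GROUP webservers
```

`pve-firewall compile` prints the iptables rules generated from these files, which is a quick way to check whether a referenced group actually reaches the chains for a given VM.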
 
