I'm using Proxmox 4.4.
I have one node with VMs.
I have just activated the firewall on the datacentre with the following options set:
Firewall: enabled
Input Policy: Drop
Output Policy: Allow
In the rules I have a security group called proxmox which contains IN access for:
- Web interface: 8006
- pvedaemon (listens only on 127.0.0.1): 85
- SPICE proxy: 3128
- sshd (used for cluster actions): 22
- rpcbind: 111
- corosync multicast (if you run a cluster): 5404, 5405 UDP
There is nothing else allowed.
Therefore why is it that when I access the Proxmox installation by SSH, services which require receiving data on port 80, such as the acme.sh script for renewing Let's Encrypt certificates, work just fine? Surely with the Input Policy as DROP, this should be blocked?
Any ideas what I'm missing here?