Hi guys,
I would like to allow access to SSH from only one IP address (100.100.100.100 for example).
So, I set up these rules in the Proxmox firewall:
0:
Direction: in
Action: ACCEPT
Enable: yes
Source: 100.100.100.100
Protocol: TCP
Destination port: 22
1:
Direction: in
Action: DROP
Unfortunately, I can still access the host from any other IP address (and not only from 100.100.100.100).
The firewall is activated, of course, and allowing/blocking other ports, as configured.
Did I miss a setting?
Thank you.
Best regards
File:
Code:
root@machine:~# cat /etc/pve/firewall/cluster.fw
[OPTIONS]
ebtables: 1
enable: 1
log_ratelimit: burst=5,enable=0,rate=1/second
policy_in: ACCEPT
[RULES]
IN ACCEPT -source 100.100.100.100 -p tcp -dport 22 -log nolog
GROUP proxmox
IN DROP -log nolog
[group proxmox]
|OUT Ping(ACCEPT) -log nolog
|IN Ping(ACCEPT) -log nolog
|IN ACCEPT -p udp -dport 5404:5405 -log nolog
IN ACCEPT -p tcp -dport 5900:5999 -log nolog
IN ACCEPT -p tcp -dport 85 -log nolog
IN ACCEPT -source 100.100.100.100 -p tcp -dport 8006 -log nolog
IN ACCEPT -p tcp -dport 111 -log nolog
IN ACCEPT -p tcp -dport 3128 -log nolog
IN ACCEPT -source 100.100.100.100 -p tcp -dport 22 -log nolog