Disable firewall from command line

Discussion in 'Proxmox VE: Installation and configuration' started by dignus, Sep 6, 2016.

Tags:
  1. dignus

    dignus Member

    Joined:
    Feb 12, 2009
    Messages:
    95
    Likes Received:
    0
    Hi,

    What is the easiest way to completely disable the firewall from command line, the "proxmox way" ? Someone f*cked up the firewall config and we don't have access to the web interface any more and cluster config is broken.
     
  2. wolfgang

    wolfgang Proxmox Staff Member
    Staff Member

    Joined:
    Oct 1, 2014
    Messages:
    4,598
    Likes Received:
    306
    Hi,
    pve-firewall stop

    This stops the firewall until next reboot or update of any packed what restart the pve-firwall.
    If you like to disable it permanently , you can do this in the /etc/pve/firewall/cluster.fw
    set enable: 1 to 0
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. dignus

    dignus Member

    Joined:
    Feb 12, 2009
    Messages:
    95
    Likes Received:
    0
    Thanks, works like a charm.
     
  4. rsmvdl

    rsmvdl New Member

    Joined:
    Jul 15, 2016
    Messages:
    17
    Likes Received:
    1
    what about pve4? please update
     
  5. gineta

    gineta New Member

    Joined:
    May 16, 2012
    Messages:
    12
    Likes Received:
    2
    I have very serious problem I can't access now the GUI and teh only system access the server is mounting the files in a recovery system
    anyway the VPS works
    I try to go to /etc/pve/firewall/cluster.fw but the folder firewall is missing like also to cluster.fw
    I really need to get a solution for deactivate the firewall any ideas thanks
     
    rsmvdl likes this.
  6. rsmvdl

    rsmvdl New Member

    Joined:
    Jul 15, 2016
    Messages:
    17
    Likes Received:
    1
    same here. I dont even have this path in my envirnoment "ls: cannot access /mnt/etc/pve/firewall/: No such file or directory"
    (/mnt is used because the system is booted in rescue mode).
    How to deactivate or reset the firewall via shell?
     
  7. gineta

    gineta New Member

    Joined:
    May 16, 2012
    Messages:
    12
    Likes Received:
    2
    @wolfgang I start the server in rescue mode and change /etc/default/pve-firewall Edit that file and change to START_FIREWALL=no
    because I not have /etc/pve/firewall/cluster.fw

    That not change the situation I can't access the GUI or go to the server in SSH . Is any solution for this problem Please
     
  8. gineta

    gineta New Member

    Joined:
    May 16, 2012
    Messages:
    12
    Likes Received:
    2
    OK GUYS That problem is the seam in similar POST around here that solution I propose will give you
    start the Proxmox and make sure the Firewall is OFF That is a temporally Solution and you need to see
    a solution for solve the problem or simple keep the promox firewall OFF


    The solution to the problem . And you can after SSh or go to the GUI
    And deactivate the firewall for ever

    Start your server in recovery mode go to the partition you have mount your files
    example : /mnt/etc

    Edit the file rc.local
    and add the line
    pve-firewall stop

    That need to look like this

    #!/bin/sh -e
    #
    # rc.local
    #
    # This script is executed at the end of each multiuser runlevel.
    # Make sure that the script will "exit 0" on success or any other
    # value on error.
    #
    # In order to enable or disable this script just change the execution
    # bits.
    #
    # By default this script does nothing.

    pve-firewall stop

    exit 0
     
  9. ignaqui

    ignaqui New Member

    Joined:
    Jan 12, 2017
    Messages:
    12
    Likes Received:
    1
    If you have troubles with editing /etc/pve/firewall/cluster.fw, try to disable firewall manually on each cluster's node:
    pve-firewall stop
    Than
    chmod u+w /etc/pve/firewall/cluster.fw
    which allows you to edit the file.
    After editing start firewall back:
    pve-firewall start
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice