Disable firewall from command line

dignus

Member
Feb 12, 2009
95
0
6
Hi,

What is the easiest way to completely disable the firewall from command line, the "proxmox way" ? Someone f*cked up the firewall config and we don't have access to the web interface any more and cluster config is broken.
 

wolfgang

Proxmox Staff Member
Staff member
Oct 1, 2014
4,763
316
83
Hi,
pve-firewall stop

This stops the firewall until next reboot or update of any packed what restart the pve-firwall.
If you like to disable it permanently , you can do this in the /etc/pve/firewall/cluster.fw
set enable: 1 to 0
 

gineta

New Member
May 16, 2012
12
2
3
Hi,
pve-firewall stop

This stops the firewall until next reboot or update of any packed what restart the pve-firwall.
If you like to disable it permanently , you can do this in the /etc/pve/firewall/cluster.fw
set enable: 1 to 0
I have very serious problem I can't access now the GUI and teh only system access the server is mounting the files in a recovery system
anyway the VPS works
I try to go to /etc/pve/firewall/cluster.fw but the folder firewall is missing like also to cluster.fw
I really need to get a solution for deactivate the firewall any ideas thanks
 
  • Like
Reactions: rsmvdl

rsmvdl

New Member
Jul 15, 2016
17
1
3
26
same here. I dont even have this path in my envirnoment "ls: cannot access /mnt/etc/pve/firewall/: No such file or directory"
(/mnt is used because the system is booted in rescue mode).
How to deactivate or reset the firewall via shell?
 

gineta

New Member
May 16, 2012
12
2
3
@wolfgang I start the server in rescue mode and change /etc/default/pve-firewall Edit that file and change to START_FIREWALL=no
because I not have /etc/pve/firewall/cluster.fw

That not change the situation I can't access the GUI or go to the server in SSH . Is any solution for this problem Please
 

gineta

New Member
May 16, 2012
12
2
3
OK GUYS That problem is the seam in similar POST around here that solution I propose will give you
start the Proxmox and make sure the Firewall is OFF That is a temporally Solution and you need to see
a solution for solve the problem or simple keep the promox firewall OFF


The solution to the problem . And you can after SSh or go to the GUI
And deactivate the firewall for ever

Start your server in recovery mode go to the partition you have mount your files
example : /mnt/etc

Edit the file rc.local
and add the line
pve-firewall stop

That need to look like this

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

pve-firewall stop

exit 0
 

ignaqui

New Member
Jan 12, 2017
13
1
3
40
If you have troubles with editing /etc/pve/firewall/cluster.fw, try to disable firewall manually on each cluster's node:
pve-firewall stop
Than
chmod u+w /etc/pve/firewall/cluster.fw
which allows you to edit the file.
After editing start firewall back:
pve-firewall start
 

Oleg Zech

New Member
Jul 19, 2019
1
0
1
47
If anything else fails, edit /etc/crontab and add

* * * * * root pve-firewall stop

Stupid as it is, it's a quick and sure fix. Many things changed with systemd, rc.local etc and we dont know for how many years this thread will be first in Google :) This fix is guaranteed for decades to come, regardless of the distro :)
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE and Proxmox Mail Gateway. We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!