enabling firewall on NIC blocks all traffic

luca_merkle

Hi,
I manage a lot of Proxmox servers, all fully updated, and I find different firewall behaviours across them.

What happens is that on some servers, enabling the hardware firewall on the NIC, which is necessary to make the firewall effective and working, stops all traffic for that VM.
There's literally no way to make traffic flow through.

Is this a known issue?
Is there a way to completely reset the firewall to check if this behaviour stops?

Thanks.
 
When you enable the Firewall for a NIC, no traffic flows anymore?

Can you post the output of the following files?

Code:
/etc/pve/firewall/cluster.fw
/etc/pve/nodes/<nodename>/host.fw
/etc/pve/firewall/<VMID>.fw

As well as the following command:

Code:
iptables-save

Additionally, the VM config as well as the network config would be interesting:

Code:
qm config <VMID>
cat /etc/network/interfaces
 
Hi,

thanks for your reply.

Here are the files as requested:

root@m20289:~# cat /etc/pve/firewall/cluster.fw
[OPTIONS]
ebtables: 0
enable: 1
[RULES]
IN ACCEPT -p tcp -dport 22 -log info
IN ACCEPT -p tcp -dport 8006 -log info


root@m20289:~# cat /etc/pve/nodes/m20289/host.fw
[OPTIONS]
enable: 0
tcpflags: 1
log_level_out: info
[RULES]
|IN ACCEPT -p tcp -dport 9443 -log info
IN DROP -p tcp -dport 3128 -log info


root@m20289:~# cat /etc/pve/firewall/202.fw
[OPTIONS]
dhcp: 0
enable: 0
ipfilter: 1
ndp: 0
[RULES]
|IN DROP -source 10.245.3.0/28 -log nolog
|IN DROP -source 10.245.4.0/28 -log nolog

(in disabled state now, but enabling obviously doesn't work until I flag the NIC firewall, which will block all traffic)

ALSO

root@m20289:~# cat /etc/pve/firewall/203.fw
[OPTIONS]
enable: 1
 
And the other confs:
root@m20289:/tmp# cat iptables.save
# Generated by iptables-save v1.8.7 on Tue Jan 24 15:00:54 2023
*nat
:PREROUTING ACCEPT [12380095:1499339734]
:INPUT ACCEPT [784831:100035166]
:OUTPUT ACCEPT [331156:20032483]
:POSTROUTING ACCEPT [479890:28663003]
-A PREROUTING -i ens10f0 -p tcp -m tcp --dport 23122 -j DNAT --to-destination 10.15.1.10:22
-A PREROUTING -i ens10f0 -p udp -m udp --dport 35100 -j DNAT --to-destination 10.15.1.10:35100
-A PREROUTING -i ens10f0 -p udp -m udp --dport 35101 -j DNAT --to-destination 10.15.1.10:35101
-A PREROUTING -i ens10f0 -p udp -m udp --dport 35102 -j DNAT --to-destination 10.15.1.10:35102
-A PREROUTING -i ens10f0 -p udp -m udp --dport 35103 -j DNAT --to-destination 10.15.1.10:35103
-A PREROUTING -i ens10f0 -p udp -m udp --dport 35104 -j DNAT --to-destination 10.15.1.10:35104
-A PREROUTING -i ens10f0 -p udp -m udp --dport 35105 -j DNAT --to-destination 10.15.1.10:35105
-A PREROUTING -i ens10f0 -p udp -m udp --dport 35106 -j DNAT --to-destination 10.15.1.10:35106
-A PREROUTING -i ens10f0 -p udp -m udp --dport 35107 -j DNAT --to-destination 10.15.1.10:35107
-A PREROUTING -i ens10f0 -p udp -m udp --dport 35108 -j DNAT --to-destination 10.15.1.10:35108
-A PREROUTING -i ens10f0 -p udp -m udp --dport 35109 -j DNAT --to-destination 10.15.1.10:35109
-A PREROUTING -i ens10f0 -p udp -m udp --dport 35110 -j DNAT --to-destination 10.15.1.10:35110
-A PREROUTING -i ens10f0 -p udp -m udp --dport 35111 -j DNAT --to-destination 10.15.1.10:35111
-A PREROUTING -i ens10f0 -p udp -m udp --dport 35112 -j DNAT --to-destination 10.15.1.10:35112
-A PREROUTING -i ens10f0 -p udp -m udp --dport 35114 -j DNAT --to-destination 10.15.1.10:35114
-A PREROUTING -i ens10f0 -p tcp -m tcp --dport 23122 -j DNAT --to-destination 10.15.1.10:22
-A PREROUTING -i ens10f0 -p tcp -m tcp --dport 9443 -j DNAT --to-destination 10.200.1.10:443
-A PREROUTING -i ens10f0 -p tcp -m tcp --dport 44350 -j DNAT --to-destination 10.200.2.10:443
-A PREROUTING -i ens10f0 -p tcp -m tcp --dport 22443 -j DNAT --to-destination 10.200.3.10:443
-A PREROUTING -i ens10f0 -p tcp -m tcp --dport 15300 -j DNAT --to-destination 10.200.1.10:22
-A PREROUTING -i ens10f0 -p tcp -m tcp --dport 15500 -j DNAT --to-destination 10.200.2.10:22
-A PREROUTING -i ens10f0 -p tcp -m tcp --dport 15400 -j DNAT --to-destination 10.200.3.10:22
-A PREROUTING -i ens10f0 -p tcp -m tcp --dport 22108 -j DNAT --to-destination 10.12.10.10:22
-A POSTROUTING -s 10.15.1.0/24 -o ens10f0 -j MASQUERADE
-A POSTROUTING -s 10.20.1.0/24 -o ens10f0 -j MASQUERADE
-A POSTROUTING -s 10.20.2.0/24 -o ens10f0 -j MASQUERADE
-A POSTROUTING -s 10.20.3.0/24 -o ens10f0 -j MASQUERADE
-A POSTROUTING -s 10.20.4.0/24 -o ens10f0 -j MASQUERADE
-A POSTROUTING -s 10.20.5.0/24 -o ens10f0 -j MASQUERADE
-A POSTROUTING -s 10.20.6.0/24 -o ens10f0 -j MASQUERADE
-A POSTROUTING -s 10.20.7.0/24 -o ens10f0 -j MASQUERADE
-A POSTROUTING -s 10.20.8.0/24 -o ens10f0 -j MASQUERADE
-A POSTROUTING -s 10.20.9.0/24 -o ens10f0 -j MASQUERADE
-A POSTROUTING -s 10.20.10.0/24 -o ens10f0 -j MASQUERADE
-A POSTROUTING -s 10.20.11.0/24 -o ens10f0 -j MASQUERADE
-A POSTROUTING -s 10.20.12.0/24 -o ens10f0 -j MASQUERADE
-A POSTROUTING -s 10.20.14.0/24 -o ens10f0 -j MASQUERADE
-A POSTROUTING -s 10.99.1.0/24 -o ens10f0 -j MASQUERADE
-A POSTROUTING -s 10.15.1.0/24 -o ens10f0 -j MASQUERADE
-A POSTROUTING -s 10.20.15.0/24 -o ens10f0 -j MASQUERADE
-A POSTROUTING -s 10.20.16.0/24 -o ens10f0 -j MASQUERADE
-A POSTROUTING -s 10.30.1.0/24 -o ens10f0 -j MASQUERADE
-A POSTROUTING -s 10.30.2.0/24 -o ens10f0 -j MASQUERADE
-A POSTROUTING -s 10.30.3.0/24 -o ens10f0 -j MASQUERADE
-A POSTROUTING -s 10.30.4.0/24 -o ens10f0 -j MASQUERADE
-A POSTROUTING -s 10.30.5.0/24 -o ens10f0 -j MASQUERADE
-A POSTROUTING -s 10.30.6.0/24 -o ens10f0 -j MASQUERADE
-A POSTROUTING -s 10.30.8.0/24 -o ens10f0 -j MASQUERADE
-A POSTROUTING -s 10.200.1.0/24 -o ens10f0 -j MASQUERADE
-A POSTROUTING -s 10.200.2.0/24 -o ens10f0 -j MASQUERADE
-A POSTROUTING -s 10.200.3.0/24 -o ens10f0 -j MASQUERADE
-A POSTROUTING -s 10.12.10.0/24 -o ens10f0 -j MASQUERADE
COMMIT
# Completed on Tue Jan 24 15:00:54 2023
# Generated by iptables-save v1.8.7 on Tue Jan 24 15:00:54 2023
*raw
:PREROUTING ACCEPT [2123171505:558374713177]
:OUTPUT ACCEPT [68857098:3938193781334]
COMMIT
# Completed on Tue Jan 24 15:00:54 2023
# Generated by iptables-save v1.8.7 on Tue Jan 24 15:00:54 2023
*filter
:INPUT ACCEPT [30611:15225806]
:FORWARD ACCEPT [1905:895712]
:OUTPUT ACCEPT [2332:501396]
:PVEFW-Drop - [0:0]
:PVEFW-DropBroadcast - [0:0]
:PVEFW-FORWARD - [0:0]
:PVEFW-FWBR-IN - [0:0]
:PVEFW-FWBR-OUT - [0:0]
:PVEFW-INPUT - [0:0]
:PVEFW-OUTPUT - [0:0]
:PVEFW-Reject - [0:0]
:PVEFW-SET-ACCEPT-MARK - [0:0]
:PVEFW-logflags - [0:0]
:PVEFW-reject - [0:0]
:PVEFW-smurflog - [0:0]
:PVEFW-smurfs - [0:0]
:PVEFW-tcpflags - [0:0]
:f2b-proxmox - [0:0]
:f2b-sshd - [0:0]
-A INPUT -p tcp -m multiport --dports 443,80,8006 -j f2b-proxmox
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -j PVEFW-INPUT
-A INPUT -m set --match-set tor src -j DROP
-A INPUT -m set --match-set tor src -j DROP
-A FORWARD -j PVEFW-FORWARD
-A OUTPUT -j PVEFW-OUTPUT
-A PVEFW-Drop -j PVEFW-DropBroadcast
-A PVEFW-Drop -p icmp -m icmp --icmp-type 3/4 -j ACCEPT
-A PVEFW-Drop -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A PVEFW-Drop -m conntrack --ctstate INVALID -j DROP
-A PVEFW-Drop -p udp -m multiport --dports 135,445 -j DROP
-A PVEFW-Drop -p udp -m udp --dport 137:139 -j DROP
-A PVEFW-Drop -p udp -m udp --sport 137 --dport 1024:65535 -j DROP
-A PVEFW-Drop -p tcp -m multiport --dports 135,139,445 -j DROP
-A PVEFW-Drop -p udp -m udp --dport 1900 -j DROP
-A PVEFW-Drop -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
-A PVEFW-Drop -p udp -m udp --sport 53 -j DROP
-A PVEFW-Drop -m comment --comment "PVESIG:83WlR/a4wLbmURFqMQT3uJSgIG8"
-A PVEFW-DropBroadcast -m addrtype --dst-type BROADCAST -j DROP
-A PVEFW-DropBroadcast -m addrtype --dst-type MULTICAST -j DROP
-A PVEFW-DropBroadcast -m addrtype --dst-type ANYCAST -j DROP
-A PVEFW-DropBroadcast -d 224.0.0.0/4 -j DROP
-A PVEFW-DropBroadcast -m comment --comment "PVESIG:NyjHNAtFbkH7WGLamPpdVnxHy4w"
-A PVEFW-FORWARD -m conntrack --ctstate INVALID -j DROP
-A PVEFW-FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A PVEFW-FORWARD -m physdev --physdev-in fwln+ --physdev-is-bridged -j PVEFW-FWBR-IN
-A PVEFW-FORWARD -m physdev --physdev-out fwln+ --physdev-is-bridged -j PVEFW-FWBR-OUT
-A PVEFW-FORWARD -m comment --comment "PVESIG:qnNexOcGa+y+jebd4dAUqFSp5nw"
-A PVEFW-FWBR-IN -m conntrack --ctstate INVALID,NEW -j PVEFW-smurfs
-A PVEFW-FWBR-IN -p tcp -j PVEFW-tcpflags
-A PVEFW-FWBR-IN -m comment --comment "PVESIG:Ka4S8B0HM4A1RRtoso/euMz41l8"
-A PVEFW-FWBR-OUT -m comment --comment "PVESIG:2jmj7l5rSw0yVb/vlWAYkK/YBwk"
-A PVEFW-INPUT -m comment --comment "PVESIG:2jmj7l5rSw0yVb/vlWAYkK/YBwk"
-A PVEFW-OUTPUT -m comment --comment "PVESIG:2jmj7l5rSw0yVb/vlWAYkK/YBwk"
-A PVEFW-Reject -j PVEFW-DropBroadcast
-A PVEFW-Reject -p icmp -m icmp --icmp-type 3/4 -j ACCEPT
-A PVEFW-Reject -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A PVEFW-Reject -m conntrack --ctstate INVALID -j DROP
-A PVEFW-Reject -p udp -m multiport --dports 135,445 -j PVEFW-reject
-A PVEFW-Reject -p udp -m udp --dport 137:139 -j PVEFW-reject
-A PVEFW-Reject -p udp -m udp --sport 137 --dport 1024:65535 -j PVEFW-reject
-A PVEFW-Reject -p tcp -m multiport --dports 135,139,445 -j PVEFW-reject
-A PVEFW-Reject -p udp -m udp --dport 1900 -j DROP
-A PVEFW-Reject -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
-A PVEFW-Reject -p udp -m udp --sport 53 -j DROP
-A PVEFW-Reject -m comment --comment "PVESIG:h3DyALVslgH5hutETfixGP08w7c"
-A PVEFW-SET-ACCEPT-MARK -j MARK --set-xmark 0x80000000/0x80000000
-A PVEFW-SET-ACCEPT-MARK -m comment --comment "PVESIG:Hg/OIgIwJChBUcWU8Xnjhdd2jUY"
-A PVEFW-logflags -j DROP
-A PVEFW-logflags -m comment --comment "PVESIG:MN4PH1oPZeABMuWr64RrygPfW7A"
-A PVEFW-reject -m addrtype --dst-type BROADCAST -j DROP
-A PVEFW-reject -s 224.0.0.0/4 -j DROP
-A PVEFW-reject -p icmp -j DROP
-A PVEFW-reject -p tcp -j REJECT --reject-with tcp-reset
-A PVEFW-reject -p udp -j REJECT --reject-with icmp-port-unreachable
-A PVEFW-reject -p icmp -j REJECT --reject-with icmp-host-unreachable
-A PVEFW-reject -j REJECT --reject-with icmp-host-prohibited
-A PVEFW-reject -m comment --comment "PVESIG:Jlkrtle1mDdtxDeI9QaDSL++Npc"
-A PVEFW-smurflog -j DROP
-A PVEFW-smurflog -m comment --comment "PVESIG:2gfT1VMkfr0JL6OccRXTGXo+1qk"
-A PVEFW-smurfs -s 0.0.0.0/32 -j RETURN
-A PVEFW-smurfs -m addrtype --src-type BROADCAST -g PVEFW-smurflog
-A PVEFW-smurfs -s 224.0.0.0/4 -g PVEFW-smurflog
-A PVEFW-smurfs -m comment --comment "PVESIG:HssVe5QCBXd5mc9kC88749+7fag"
-A PVEFW-tcpflags -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -g PVEFW-logflags
-A PVEFW-tcpflags -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -g PVEFW-logflags
-A PVEFW-tcpflags -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -g PVEFW-logflags
-A PVEFW-tcpflags -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -g PVEFW-logflags
-A PVEFW-tcpflags -p tcp -m tcp --sport 0 --tcp-flags FIN,SYN,RST,ACK SYN -g PVEFW-logflags
-A PVEFW-tcpflags -m comment --comment "PVESIG:CMFojwNPqllyqD67NeI5m+bP5mo"
COMMIT
# Completed on Tue Jan 24 15:00:54 2023


QM CONFIG

agent: 1
balloon: 0
boot: order=scsi0;net0
cores: 1
cpu: host,flags=+aes
memory: 4096
meta: creation-qemu=6.2.0,ctime=1653043743
name: NC-RHCLOUD
net0: virtio=5E:C3:3C:D2:CC:5D,bridge=vmbr202
numa: 0
onboot: 1
ostype: l26
rng0: source=/dev/urandom
scsi0: local:202/vm-202-disk-0.qcow2,size=32G
scsi1: local:202/vm-202-disk-1.qcow2,size=256G
scsihw: virtio-scsi-pci
smbios1: uuid=f8944f81-be61-4f6a-8aa0-87512d9402ec
sockets: 4
vmgenid: 26c5c2d1-ee0b-4ed7-8344-86c52eef1906


INTERFACES

root@m20289:/tmp# cat interfaces
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

source /etc/network/interfaces.d/*
pre-up /usr/sbin/ethtool -G eth2 rx 4096 tx 4096

auto lo
iface lo inet loopback

auto ens10f0
iface ens10f0 inet static
address [REDACTED]
gateway [REDACTED]
dns-nameservers 1.0.0.1 8.8.4.4
# dns-* options are implemented by the resolvconf package, if installed

iface ens10f1 inet manual

iface ens10f2 inet manual

iface ens10f3 inet manual

auto vmbr100
iface vmbr100 inet static
address 10.15.1.1/24
bridge-ports none
bridge-stp off
bridge-fd 0

auto vmbr101
iface vmbr101 inet static
address 10.20.1.1/24
bridge-ports none
bridge-stp off
bridge-fd 0

auto vmbr102
iface vmbr102 inet static
address 10.20.2.1/24
bridge-ports none
bridge-stp off
bridge-fd 0

auto vmbr103
iface vmbr103 inet static
address 10.20.3.1/24
bridge-ports none
bridge-stp off
bridge-fd 0

auto vmbr104
iface vmbr104 inet static
address 10.20.4.1/24
bridge-ports none
bridge-stp off
bridge-fd 0

auto vmbr105
iface vmbr105 inet static
address 10.20.5.1/24
bridge-ports none
bridge-stp off
bridge-fd 0

[ ... they have all the same config till the last one... ]

then there's a bunch of masquerading

post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.15.1.0/24' -o ens10f0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.15.1.0/24' -o ens10f0 -j MASQUERADE
post-up iptables -t nat -A POSTROUTING -s '10.20.1.0/24' -o ens10f0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.20.1.0/24' -o ens10f0 -j MASQUERADE
post-up iptables -t nat -A POSTROUTING -s '10.20.2.0/24' -o ens10f0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.20.2.0/24' -o ens10f0 -j MASQUERADE
post-up iptables -t nat -A POSTROUTING -s '10.20.3.0/24' -o ens10f0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.20.3.0/24' -o ens10f0 -j MASQUERADE
post-up iptables -t nat -A POSTROUTING -s '10.20.4.0/24' -o ens10f0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.20.4.0/24' -o ens10f0 -j MASQUERADE
post-up iptables -t nat -A POSTROUTING -s '10.20.5.0/24' -o ens10f0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.20.5.0/24' -o ens10f0 -j MASQUERADE
post-up iptables -t nat -A POSTROUTING -s '10.20.6.0/24' -o ens10f0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.20.6.0/24' -o ens10f0 -j MASQUERADE
post-up iptables -t nat -A POSTROUTING -s '10.20.7.0/24' -o ens10f0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.20.7.0/24' -o ens10f0 -j MASQUERADE

[...]
then some DNAT

post-up iptables -t nat -A PREROUTING -i ens10f0 -p tcp --dport 23122 -j DNAT --to 10.15.1.10:22 #HUB
post-down iptables -t nat -D PREROUTING -i ens10f0 -p tcp --dport 23122 -j DNAT --to 10.15.1.10:22 #HUB
post-up iptables -t nat -A PREROUTING -i ens10f0 -p udp --dport 35100 -j DNAT --to 10.15.1.10:35100 #HUB
post-down iptables -t nat -D PREROUTING -i ens10f0 -p udp --dport 35100 -j DNAT --to 10.15.1.10:35100 #HUB
post-up iptables -t nat -A PREROUTING -i ens10f0 -p udp --dport 35101 -j DNAT --to 10.15.1.10:35101 #WG101
post-down iptables -t nat -D PREROUTING -i ens10f0 -p udp --dport 35101 -j DNAT --to 10.15.1.10:35101 #WG101
post-up iptables -t nat -A PREROUTING -i ens10f0 -p udp --dport 35102 -j DNAT --to 10.15.1.10:35102 #WG102
post-down iptables -t nat -D PREROUTING -i ens10f0 -p udp --dport 35102 -j DNAT --to 10.15.1.10:35102 #WG102
post-up iptables -t nat -A PREROUTING -i ens10f0 -p udp --dport 35103 -j DNAT --to 10.15.1.10:35103 #WG103
post-down iptables -t nat -D PREROUTING -i ens10f0 -p udp --dport 35103 -j DNAT --to 10.15.1.10:35103 #WG103
post-up iptables -t nat -A PREROUTING -i ens10f0 -p udp --dport 35104 -j DNAT --to 10.15.1.10:35104 #WG104
post-down iptables -t nat -D PREROUTING -i ens10f0 -p udp --dport 35104 -j DNAT --to 10.15.1.10:35104 #WG104
post-up iptables -t nat -A PREROUTING -i ens10f0 -p udp --dport 35105 -j DNAT --to 10.15.1.10:35105 #WG105
post-down iptables -t nat -D PREROUTING -i ens10f0 -p udp --dport 35105 -j DNAT --to 10.15.1.10:35105 #WG105
post-up iptables -t nat -A PREROUTING -i ens10f0 -p udp --dport 35106 -j DNAT --to 10.15.1.10:35106 #WG106
post-down iptables -t nat -D PREROUTING -i ens10f0 -p udp --dport 35106 -j DNAT --to 10.15.1.10:35106 #WG106
post-up iptables -t nat -A PREROUTING -i ens10f0 -p udp --dport 35107 -j DNAT --to 10.15.1.10:35107 #WG107
post-down iptables -t nat -D PREROUTING -i ens10f0 -p udp --dport 35107 -j DNAT --to 10.15.1.10:35107 #WG107
post-up iptables -t nat -A PREROUTING -i ens10f0 -p udp --dport 35108 -j DNAT --to 10.15.1.10:35108 #WG108
post-down iptables -t nat -D PREROUTING -i ens10f0 -p udp --dport 35108 -j DNAT --to 10.15.1.10:35108 #WG108
post-up iptables -t nat -A PREROUTING -i ens10f0 -p udp --dport 35109 -j DNAT --to 10.15.1.10:35109 #WG109
post-down iptables -t nat -D PREROUTING -i ens10f0 -p udp --dport 35109 -j DNAT --to 10.15.1.10:35109 #WG109
post-up iptables -t nat -A PREROUTING -i ens10f0 -p udp --dport 35110 -j DNAT --to 10.15.1.10:35110 #WG110
post-down iptables -t nat -D PREROUTING -i ens10f0 -p udp --dport 35110 -j DNAT --to 10.15.1.10:35110 #WG110

[...]

and that's all.

What I'd like to underline is that the NIC firewall blocking all traffic for a VM happens with every NIC firewall in Proxmox.

thanks.
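
Added example, not part of the thread or of Proxmox itself: a short Python script that summarises the files requested above (cluster.fw, the VM's .fw file and the `qm config` output) into the settings that decide whether a VM NIC is filtered. The function names are hypothetical, and the script assumes three pve-firewall conventions: a leading `|` marks a disabled rule, `firewall=1` on the `netN` line enables filtering for that NIC, and the VM input policy is DROP when `policy_in` is unset.

```python
import re

# Abridged from the files posted in the thread above.
CLUSTER_FW = "[OPTIONS]\nebtables: 0\nenable: 1\n[RULES]\nIN ACCEPT -p tcp -dport 22 -log info\n"
VM_FW = ("[OPTIONS]\ndhcp: 0\nenable: 0\nipfilter: 1\nndp: 0\n[RULES]\n"
         "|IN DROP -source 10.245.3.0/28 -log nolog\n"
         "|IN DROP -source 10.245.4.0/28 -log nolog\n")
QM_CONFIG = "name: NC-RHCLOUD\nnet0: virtio=5E:C3:3C:D2:CC:5D,bridge=vmbr202\n"

def parse_fw(text):
    """Return (options, rules) from a .fw file; rules are (enabled, rule_text)."""
    section, options, rules = None, {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(\w+)[^\]]*\]", line)
        if header:
            section = header.group(1).upper()
        elif section == "OPTIONS" and ":" in line:
            key, value = line.split(":", 1)
            options[key.strip()] = value.strip()
        elif section == "RULES":
            # Assumption: a leading '|' marks the rule as disabled.
            rules.append((not line.startswith("|"), line.lstrip("|")))
    return options, rules

def nic_firewall_flags(qm_config):
    """Map each netN device to True when its config line carries firewall=1."""
    flags = {}
    for line in qm_config.splitlines():
        m = re.match(r"(net\d+):\s*(.*)", line)
        if m:
            flags[m.group(1)] = "firewall=1" in m.group(2).split(",")
    return flags

def summarize(cluster_fw, vm_fw, qm_config):
    c_opts, _ = parse_fw(cluster_fw)
    v_opts, v_rules = parse_fw(vm_fw)
    active_in = [r for on, r in v_rules if on and r.upper().startswith("IN ")]
    return {
        "cluster_enabled": c_opts.get("enable") == "1",
        "vm_enabled": v_opts.get("enable") == "1",
        "nics_filtered": sorted(n for n, on in nic_firewall_flags(qm_config).items() if on),
        "policy_in": v_opts.get("policy_in", "DROP"),  # assumption: DROP when unset
        # Matches plain ACCEPT and macro forms such as SSH(ACCEPT); GROUP rules are not expanded.
        "in_accepts": [r for r in active_in if "ACCEPT" in r.split()[1]],
    }

def new_inbound_dropped(s):
    """True when all three switches are on and no enabled rule accepts inbound traffic."""
    active = s["cluster_enabled"] and s["vm_enabled"] and bool(s["nics_filtered"])
    return active and s["policy_in"] != "ACCEPT" and not s["in_accepts"]

if __name__ == "__main__":
    state = summarize(CLUSTER_FW, VM_FW, QM_CONFIG)
    print(state, "new inbound dropped:", new_inbound_dropped(state))
```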
 
