Enabling Proxmox Firewall cause DROP of every connection

Italo Mazzanti

New Member
Aug 28, 2024
1
0
1
Hi all,
I am running into this issue: I set up the Proxmox Firewall for each level (Datacenter, my node and each container), but everytime I try to enable the Firewall on each level I lose connection to every container, but not the node interface.

I am allowing the port I need on every host, so for example if it's a web server I enable 80 and 443 and so on... But it seems it's not working properly.

My Datacenter configuration look like this:
1730574600781.png
My node configuration it's empty (I shouldn't need that, it should be take the configuration of the Datacenter).

And an example of a node where I am trying to connect look like this:

1730574694145.png

I need to reboot after disabling the firewall to have the containers working again...
 
Hi!
Are you using the nftables preview or the default iptables based one? Note that in both cases the default policy is DROP for incoming traffic. This means that your rules need to match the traffic exactly for it to get through. Also try setting the "log_level_in" option to e.g. "info" and check which packets are getting dropped.
 
Keep in mind that rules applied on the DC or Node level, apply only to all/specific nodes, not the guests.

You will have to add rules/security groups to the guests if they have the firewall enabled.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!