Error with pve-firewall after recent update

I updated my Proxmox server today and immediately ran into problems with the firewall, locking me out from the server.

I rebooted the server hoping that would bring things back up again, but this made me aware that it was in fact a firewall lockout. VMs and CTs are running fine.

After requesting a remote KVM session with my host I managed to find some evidence of what happened.

/var/log/apt/history.log
Code:
Commandline: apt dist-upgrade
Install: zstd:amd64 (1.3.8+dfsg-3, automatic), libproxmox-acme-perl:amd64 (1.0.2, automatic), idn:amd64 (1.33-2.2, automatic)
Upgrade: proxmox-widget-toolkit:amd64 (2.1-3, 2.1-6), libpve-access-control:amd64 (6.0-6, 6.0-7), libpve-storage-perl:amd64 (6.1-5, 6.1-7), libpve-cluster-api-perl:amd64 (6.1-4, 6.1-8), libpve-cluster-perl:amd64 (6.1-4, 6.1-8), pve-firewall:amd64 (4.0-10, 4.1-1), pve-container:amd64 (3.0-23, 3.1-4), pve-cluster:amd64 (6.1-4, 6.1-8), pve-i18n:amd64 (2.0-4, 2.1-1), pve-manager:amd64 (6.1-8, 6.1-11), libpve-guest-common-perl:amd64 (3.0-5, 3.0-10), libpve-common-perl:amd64 (6.0-17, 6.1-1), lxc-pve:amd64 (3.2.1-1, 4.0.2-1), qemu-server:amd64 (6.1-7, 6.1-19), pve-kernel-helper:amd64 (6.1-8, 6.1-9), lxcfs:amd64 (4.0.1-pve1, 4.0.3-pve2)

Once the updates are done, pve-firewall reports errors with the security groups I've made (and use) for the Datacenter firewall.

/var/log/pve-firewall.log
Code:
May  6 12:42:01 node151 pve-firewall[1852]: /etc/pve/firewall/cluster.fw (line 25) - errors in rule parameters: GROUP netdata
May  6 12:42:01 node151 pve-firewall[1852]:   action: security group 'netdata' does not exist
May  6 12:42:01 node151 pve-firewall[1852]: /etc/pve/firewall/cluster.fw (line 26) - errors in rule parameters: GROUP proxmox
May  6 12:42:01 node151 pve-firewall[1852]:   action: security group 'proxmox' does not exist
May  6 12:42:01 node151 pve-firewall[1852]: /etc/pve/firewall/cluster.fw (line 27) - errors in rule parameters: GROUP ping
May  6 12:42:01 node151 pve-firewall[1852]:   action: security group 'ping' does not exist
May  6 12:42:01 node151 pve-firewall[1852]: restarting server
May  6 12:42:01 node151 pve-firewall[1852]: /etc/pve/firewall/cluster.fw (line 25) - errors in rule parameters: GROUP netdata
May  6 12:42:01 node151 pve-firewall[1852]:   action: security group 'netdata' does not exist
May  6 12:42:01 node151 pve-firewall[1852]: /etc/pve/firewall/cluster.fw (line 26) - errors in rule parameters: GROUP proxmox
May  6 12:42:01 node151 pve-firewall[1852]:   action: security group 'proxmox' does not exist
May  6 12:42:01 node151 pve-firewall[1852]: /etc/pve/firewall/cluster.fw (line 27) - errors in rule parameters: GROUP ping
May  6 12:42:01 node151 pve-firewall[1852]:   action: security group 'ping' does not exist

I disabled the firewall in cluster.fw and rebooted.

What I do notice now is that when trying to add security groups to a server from the Proxmox WebUI, it returns an error.

security-group-ping.jpg


I can still manually set firewall rules for Datacenter, but not use any of the security groups. Trying to insert a group returns the error above.

However, for VM/CT firewall settings I can add security groups without any problems.


I am not sure what I can do to recover from this.

Anyone else having issues? What may be the cause of this and how to resolve it?


Thank you.
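
An added example, not part of the original post and not Proxmox code: a check for the failure in the log above that cross-references the groups pve-firewall reports as missing against a cluster.fw, separating groups that really are undefined from groups that are defined but still rejected. The file contents, the `backup` group and the function names are constructed; the `[group <name>]` / `GROUP <name>` layout is an assumption about the file format.

```python
import re

# Constructed sample of /etc/pve/firewall/cluster.fw (not the poster's file).
# Assumed layout: "[group <name>]" defines a security group; a "GROUP <name>"
# line under [RULES] references one (a leading "|" marks a disabled rule).
SAMPLE_FW = """\
[RULES]
GROUP netdata
GROUP proxmox
|GROUP ping
GROUP backup

[group netdata]
IN ACCEPT -p tcp -dport 19999
[group proxmox]
IN ACCEPT -p tcp -dport 8006
"""
# Constructed log lines in the format of the pve-firewall.log excerpt above.
SAMPLE_LOG = """\
May  6 12:42:01 node151 pve-firewall[1852]:   action: security group 'netdata' does not exist
May  6 12:42:01 node151 pve-firewall[1852]:   action: security group 'ping' does not exist
"""
SECTION = re.compile(r"^\[(\w+)(?:\s+([^\]\s]+))?\]")
GROUP_REF = re.compile(r"^\|?\s*GROUP\s+(\S+)")
LOG_MISSING = re.compile(r"security group '([^']+)' does not exist")

def parse_groups(fw_text):
    """Return (defined group names, {referenced name: first line number})."""
    defined, referenced, section = set(), {}, None
    for lineno, raw in enumerate(fw_text.splitlines(), 1):
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m.group(1).lower()
            if section == "group" and m.group(2):
                defined.add(m.group(2))
        elif section == "rules" and (ref := GROUP_REF.match(line)):
            referenced.setdefault(ref.group(1), lineno)
    return defined, referenced

def triage(fw_text, log_text):
    """Classify every group that is referenced or reported missing."""
    defined, referenced = parse_groups(fw_text)
    reported = set(LOG_MISSING.findall(log_text))
    verdict = {}
    for name in sorted(reported | set(referenced)):
        hit = "defined-but-rejected" if name in reported else "ok"
        verdict[name] = hit if name in defined else "undefined"
    return verdict
```

A `defined-but-rejected` verdict means the configuration itself is consistent and the error comes from how the running daemon reads it, while `undefined` means the reference has to be fixed in the file.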