Firewall - conntrack question

thierrykaya

New Member
Jul 31, 2021
Brussels
PVE stack: 6.4-13 (running kernel: 5.4.128-1-pve)

How do I define a firewall rule, via the PVE firewall web frontend, that restricts incoming packets to tagged connections (conntrack) for a specific security group?

An iptables rule equivalent would be:

iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

Cheers,
 
I don't really know. Pve-firewall gets reloaded every few seconds, maybe you can set up a hook.
There are a lot more competent guys around here than me, though. :)