[SOLVED] Firewall Default Rules Not Present

May 18, 2019
231
15
38
Varies
According to the wiki, proxmox comes with some default rules. But
Code:
iptables -L -xvn
shows:

Code:
Chain INPUT (policy ACCEPT 77651 packets, 15630208 bytes)
    pkts      bytes target     prot opt in     out     source               destination
   68754 13978100 f2b-proxmox  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 443,80,8006
     152    11215 f2b-sshd   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 51598 packets, 22823092 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain f2b-proxmox (1 references)
    pkts      bytes target     prot opt in     out     source               destination
   68754 13978100 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain f2b-sshd (1 references)
    pkts      bytes target     prot opt in     out     source               destination
     152    11215 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Plus the GUI shows nothing, both at datacenter and node level (I only have 1 node).

A) Should the GUI show the default rules?
B) How do I reset to the default rules?
C) Are the default rules not applied because I installed Debian Stretch first, then Proxmox? Or did installing fail2ban mess it up?
 
Did you enabled the Firewall on the Datacenter and Node level?
 
It's all default. At DC level, no, node level, yes:
F8tnbA6.png
 
A) Should the GUI show the default rules?
I think not all rules are present, but you will find some default policys under "DC -> Firewall -> Options". I've checked my own Cluster and cant really find default rules, only the Setup Option - maybe thats all what PVE set in default, but im not 100% sure.
 
  • Like
Reactions: Proxygen

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!