Firewall default rules

[dafydd]

I've set up a new Proxmox 3.4 server in order to migrate some older hosts.

Previously I've been using a custom iptables firewall script to restrict access to the host and VM guests. Now I'm interested in using the inbuilt firewall so that I maintain the rules across the cluster.

I have one Linux container VM which responds on port 80.

I've configured the host firewall to allow SSH and port 8006 from my office IP only.
The VM firewall allows incoming HTTP from all.

When I run an nmap scan against the VM, it shows port 43 in a closed state and port 80 open as expected.

PORT STATE SERVICE
43/tcp closed whois
80/tcp open http

Ideally I would want all requests to be DROPped except the ports I specify. There seems to be something in the default iptables rules for port 43 but I don't understand what this chain does.

Chain PVEFW-Drop (2 references)
target prot opt source destination
PVEFW-reject tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:43


Chain PVEFW-Reject (0 references)
target prot opt source destination
PVEFW-reject tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:43


I can't override these rules with my own ones so I'm just wondering why the rules are there and if I can do anything about it.

 

[dietmar]

I can't override these rules with my own ones so I'm just wondering why the rules are there and if I can do anything about it.

Those are rules to avoid logging of dropped Whois queries - nothing you should care about.

 

[dafydd]

Those are rules to avoid logging of dropped Whois queries - nothing you should care about.

Thanks very much for the feedback. Although I would care about if it's raised in a PCI security scan (even though it's a closed port). I'll investigate to see if I can override that rule in the custom config.