Firewall for VMs

hartings

New Member
Feb 19, 2021
1
0
1
34
Hey guys,

I'm a little confused by the firewall settings in the Proxmox VE 6 GUI.
I only have the role PVEVMAdmin, therefore I can only manage my VMs.

My goal is to have 3 VMs on an "internal" network with all outgoing traffic block/drop expect SSH to VM1.
Currently, the firewall is enabled on each VM and on the specific interfaces. The output policy is set to DROP and I added the following rule via the web interface.
  • Type: out
  • Action: ACCEPT
  • Macro: SSH
  • Destination: (IP/Alias of VM1)
However, it is still possible for all VMs to reach the ssh servers of VM2/3 and the web servers of VM1/2/3.

I haven't yet tested if it works with inbound rules.

Your input is apreciated.

Kind regards,
Robert
 
Hello,

have you found a solution? - If no, please send the config for your VMs and the output of firewall status and node version as well:

Code:
qm config <VMID>
pve-firewall status
systemctl status pve-firewall.service
pveversion -v
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!