Firewall Help

mchandim

New Member
Nov 29, 2024
Hello Team,

Need help in my PVE 8.3.0

I get the following entry in my lynis scan. My cluster, node and VM .fw files have active rules. How do I verify that the rules are active and the FW screens my packets? Appreciate your response in advance.

1. iptables module(s) loaded, but no rules active [FIRE-4512]

pve-firewall status
Status: enabled/running (pending changes)

iptables-save
# Generated by iptables-save v1.8.9 on Fri Nov 29 10:46:51 2024
*filter
:INPUT ACCEPT [21671:9174770]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [15266:13551405]
COMMIT
# Completed on Fri Nov 29 10:46:51 2024
# Generated by iptables-save v1.8.9 on Fri Nov 29 10:46:51 2024
*raw
:PREROUTING ACCEPT [24242:9787292]
:OUTPUT ACCEPT [15284:13552675]
-A PREROUTING -i fwbr+ -j CT --zone 1
COMMIT
# Completed on Fri Nov 29 10:46:51 2024
# Generated by iptables-save v1.8.9 on Fri Nov 29 10:46:51 2024
*nat
:PREROUTING ACCEPT [1647:398151]
:INPUT ACCEPT [217:13161]
:OUTPUT ACCEPT [133:9703]
:POSTROUTING ACCEPT [133:9703]
-A POSTROUTING -s x.x.x/24 -o vmbr0 -j SNAT --to-source y.y.y.y
COMMIT
# Completed on Fri Nov 29 10:46:51 2024

systemctl status proxmox-firewall
● proxmox-firewall.service - Proxmox nftables firewall
Loaded: loaded (/lib/systemd/system/proxmox-firewall.service; enabled; preset: e>
Active: active (running) since Fri 2024-11-29 09:04:00 +0530; 1h 51min ago

-m
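
A way to read the iptables-save dump in the post, as an added example that is not part of the original post: a shell helper that reports rule count and default policies per table, and flags a filter table that has no rules and only ACCEPT policies. The sample dump is constructed (documentation addresses, zeroed counters) and the function names `summarize_tables` and `filter_is_open` are hypothetical. Since the post also shows the nftables-based proxmox-firewall service running, comparing the result with `nft list ruleset` is the natural next check.

```shell
#!/bin/sh
# Added example: summarise an iptables-save dump per table.
# SAMPLE_DUMP is constructed to mirror the shape of the dump in the post.
SAMPLE_DUMP='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i fwbr+ -j CT --zone 1
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.0.2.0/24 -o vmbr0 -j SNAT --to-source 198.51.100.1
COMMIT'

# Reads iptables-save text on stdin and prints one line per table:
#   <table> rules=<n> policies=<CHAIN:POLICY,...>
summarize_tables() {
    awk '
        /^\*/  { t = substr($0, 2); rules[t] = 0; pol[t] = ""; order[++n] = t; next }
        /^:/   { c = substr($1, 2); pol[t] = pol[t] (pol[t] == "" ? "" : ",") c ":" $2; next }
        /^-A / { rules[t]++ }
        END    { for (i = 1; i <= n; i++)
                     printf "%s rules=%d policies=%s\n", order[i], rules[order[i]], pol[order[i]] }
    '
}

# Exit status 0 when the filter table holds no rules and every built-in
# chain defaults to ACCEPT, i.e. iptables itself is filtering nothing.
filter_is_open() {
    summarize_tables | grep -Eq '^filter rules=0 policies=([A-Z]+:ACCEPT,?)+$'
}

# Stand-alone run on the constructed sample. On a live host, pipe the real
# dump instead:  iptables-save | summarize_tables
printf '%s\n' "$SAMPLE_DUMP" | summarize_tables
if printf '%s\n' "$SAMPLE_DUMP" | filter_is_open; then
    echo "filter table: no rules, all policies ACCEPT"
fi
```
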
 
