Firewall in Cluster

Ashley

Member
Jun 28, 2016
267
15
18
34
Currently:

DC Level :Firewall disabled (default)
Node Level : Firewall enabled (default)

Questions:

1/ With it disabled at DC Level will that also mean the firewall is automatically force ably disabled system wide?
2/ If I enabled firewall at DC level then the firewall will start to work at Node level and below when enabled
3/ I am using CEPH on my cluster (storage is on a separate network), do I need to do anything on the node FW to make sure it does not block the CEPH traffic? Or is the firewall only default active on the vmbr0 interface?

Thanks
 
1/ With it disabled at DC Level will that also mean the firewall is automatically force ably disabled system wide?

Yes

2/ If I enabled firewall at DC level then the firewall will start to work at Node level and below when enabled

yes

3/ I am using CEPH on my cluster (storage is on a separate network), do I need to do anything on the node FW to make sure it does not block the CEPH traffic? Or is the firewall only default active on the vmbr0 interface?

There is a macro to enable ceph traffic.
 
Do you have a link to this "macro" within the WIKI/DOCS as I have had a look but can't see anything, or am I better just adding the CEPH port's required into the Firewall config manually?

# man pve-firewall
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!