I have activated the firewall in the Datacenter and it works as expected. The nodes use the firewall. However, the containers and VMs ignore the firewall. I have activated the firewall in the conatiner and under Network for the interfaces.
When I add rules to the container itself the rules are applied. But I don't want to copy all the rules into every container.
My example Container:
My cluster Firewall conf:
When I add rules to the container itself the rules are applied. But I don't want to copy all the rules into every container.
My example Container:
Code:
arch: amd64
cores: 1
features: keyctl=1,nesting=1
hostname: smb
memory: 512
mp0: /Trocken/,mp=/mnt/Trocken
mp1: /mnt/Alex,mp=/mnt/Alex
mp2: /Archiv,mp=/mnt/Trocken/Archiv
[B]net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=BC:24:11:46:F0:BC,ip=dhcp,type=veth
net1: name=eth1,bridge=vmbr1,firewall=1,hwaddr=BC:24:11:D3:83:41,ip=192.168.1.3/24,type=veth[/B]
onboot: 1
ostype: debian
rootfs: local-lvm:vm-103-disk-0,size=2G
startup: order=2
swap: 512
tags: proxmox-helper-scripts
unprivileged: 1My cluster Firewall conf:
Code:
[OPTIONS]
enable: 1
[IPSET qualyscom] # Tried several times to log in to my HomeAssistant
64.39.96.0/24 # website for testing
64.39.98.0/24
[RULES]
GROUP no-qualyscom
GROUP ssh
IN ACCEPT -p tcp -dport 8006 -log nolog
GROUP webserver
IN DROP -log info
[group no-qualyscom]
IN DROP -source +dc/qualyscom -p icmp -log alert
OUT DROP -dest +dc/qualyscom -p icmp -log alert
OUT DROP -dest +dc/qualyscom -log alert
IN DROP -source +dc/qualyscom -log alert
[group ssh]
IN SSH(ACCEPT) -source 192.168.200.0/21 -log nolog
[group webserver]
IN HTTP(ACCEPT) -log nolog
IN HTTPS(ACCEPT) -log nolog
Last edited:
