Firewall not working followed tutorial...

A

Aron Dijkstra

Well-Known Member
Proxmox Subscriber
Aug 6, 2016
41
1
48
44
Hi,

I activated the firewall on the datacenter level, set input on accept, enabled it on the Node level (no config) and enabled the firewall on the network of the VM. I created a rule (input, drop and enabled) and enabled the firewall. but still the whole node is reachable on the net.

I tested if firewalling was enabled (console: pve-firewall status) it told me that it was enabled and running.

What am i dooing wrong?

Aron
 
Hi,

have you also checked the firewall checkbox on the nic?
 
Hi,

Yes, also the NIC of the VM has Firewall enabled. I even restarted the VM to see if that makes any diffrence.
I looked at the iptables and see a whole lot of rules.

Aron
 
can you send the following files?
/etc/pve/qemu-server/<VMID>.conf
/etc/pve/nodes/<nodename>/host.fw
/etc/pve/firewall/<vmid>.fw
 
bootdisk: virtio0
cores: 1
ide2: none,media=cdrom
memory: 8192
name: testbak
net0: virtio=82:71:6F:4C:1C:C1,bridge=vmbr0,firewall=1,tag=1103
numa: 0
ostype: l26
smbios1: uuid=b824a47f-273c-435a-a8b2-3dc30260af0f
sockets: 1
virtio0: images:101/vm-101-disk-1.qcow2,size=80G

there is no host.fw only: lrm_status lxc openvz priv pve-ssl.key pve-ssl.pem qemu-server
But i just verified, the Firewall is enabled on the host. I only did not make any drop or forward configuration here.

[OPTIONS]

ipfilter: 1
enable: 1

[RULES]

IN DROP
 
You have no rules in your VM Firewall conf.
What rules do you apply and where do you do this?
what is in the cluster.fw
/etc/pve/firewall/cluster.fw
 
Yes i have a rule in my VM config.
IN DROP it is also included in the 101.fw as described above. I'm making a test to block everything. So i know everything works.

I did make the changes at the web GUI.

Cluster.fw:
[OPTIONS]

policy_in: ACCEPT
enable: 1

[RULES]

IN ACCEPT -p tcp -dport 22
IN ACCEPT -p tcp -dport 8006
 
Last edited:
I missed this with DROP.
how do you test?
Because a connection what is established will stay open.
 
I came into the office now.
Before testing i checked the Input drop.
Started a ping. and no reply, after that i disabled the input drop. still no reply even after 4 minuts no reply.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back