[SOLVED] Firewall not working

Mukesh

New Member
Feb 8, 2020
2
1
3
43
Hi Guys, I am using Proxmox 5.4. For one of my VM I have configured firewall rule to block all IP except IPs configured in IPSet. From few days my firewall stopped working. I haven't done any changes but I am not sure if any other team member by mistake did some changes. Could anyone point me what and where to check? Thanks in advance..
 
I would like to report that I too had this issue. Also resolved it by restarting the firewall. Easy fix, but quite a serious issue when you believe you Cluster/Nodes/VMs/containers are protected with firewall, and you by incident reports noticed that this is not the case. Thank you Mukesh for linking and reporting, was looking everywhere for a solution..
 
You're not the first and you should keep an eye on this issue because it will likely happen again.
 
I am having the same issue, new proxmox 7.0
On the VM/firewall, i make a change to a policy and it get implemented,
but then the next change I make does not get implemented.
I restart the service with
Code:
service pve-firewall restart
and the issue persists.

I have to disable and enable the firewall option under VM/Hardware/Network Device/firewall
after that the most recent changes get enabled, and sometimes that doesnt even work, it take about a min or two for changes to take effect.


maybe a bug?
 
Hello
I also try for the first time the firewall fonction in Proxmox, until now I was making iptables scripts...

Well it seems to work as expected for the node and even for LXC Container but no luck for Qemu VM... I tried to restart the services, the tested guests and even the full host but no success...
It's not a huge deal as I have my iptables script that works very well but there's a nice graphical interface and I think it's too bad to not enjoying it !
I'm on the last version PVE 7.1-8
 
I answer to myself, the reason it was not working was very stupid but there is a box to check in the hardware section to activate the firewall...
I never saw it because at the time I created the VM it was not existing... (yes it's long time ago)
Anyway, everything works as it's supposed to now, thank you for this very powerful tool, I was fine with my iptables scripts but that's way better, so thanks for the good product
 
Don't you maybe mean to say in the "Options" section under "Firewall" after selecting the virtual machine? I don't see anything in the hardware section related to this.
I'm encountering the same issue and I've no idea what's going on. I've activated the firewall for all virtual machines, but it seems that it works only on a single virtual machine, for *whatever* reason. Restarting the firewall service and even rebooting the whole host has had no effect. And this is on 8.1.3.

[Later edit:]
Well, your post at least allowed me to search in the right place after all. You have to enable the firewall for each network device of the virtual machine. There's a checkbox in the network interface option. I had no idea. The documentation is also lacking: https://pve.proxmox.com/wiki/Firewall

It would have been great it this were mentioned here. Thanks.
 
Last edited:
I'm unlucky, too. To activate the firewall:

- Activate Firewall under datacenter -> Firewall -> Options
- Activate Firewall under <node name> -> Firewall -> Options (NOT neccessary as stated in the following post)
- Activate Firewall under lxc/VM > Firewall -> Options
- Activate Firewall under lxc/VM > Network -> Network Interface Card -> Firewall (set checkmark)

If you miss one, firewall is not activated!
 
Last edited:
Just as a note: you don't need to enable the Firewall at the node level in order to protect the virtual machines or the containers. It's enough to enable it at the datacenter level. Enabling it at the node level is a good idea to protect the node itself, sure, but many rules at the datacenter level means also restricting access to the nodes themselves (administrative interface, ssh, etc.)
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!