Hello,
I have some trouble with the Firewall on CTs.
1. Firewall on datacenter is enabled
2. Firewall on datacenter is configured to drop incoming traffic
3. Firewall on all (3) hosts (in cluster) is enabled
4. Firewall on CT network adapter is enabled
5. Firewall on CT is enabled
6. Firewall on CT is configured to drop incoming traffic
7. Firewall rule for Ping drop is created
But it is possible to ping the CT? Any port seems to be open.
Some debug:
Firewall on the hosts is working, they cannot be pinged.
Code:
root@host01:~# pve-firewall status
Status: enabled/running
root@host02:~# pve-firewall status
Status: enabled/running
root@host03:~# pve-firewall status
Status: enabled/running
Network configuration on the hosts has no post-up / post-down rules.
Edit: iptables for CT:
Code:
Chain veth100i0-IN (1 references)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
DROP icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8
PVEFW-Drop all -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0
all -- 0.0.0.0/0 0.0.0.0/0 /* PVESIG: */
Can anyone give me a tip? On some other single hosts the firewall for CTs is working.
I have found that
Code:
pve-firewall restart
on each host fixed it, but where does the bug come from? It's very bad when ports are open that should be closed...?
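One way to check whether traffic actually traverses the per-CT chain shown above, as an added example that is not part of the original post: the function parses `iptables -nvL veth100i0-IN` output and flags a chain that is unreferenced or whose ICMP DROP rule has matched nothing after a ping test. The function names and the counter values in the samples are constructed for illustration.

```shell
#!/bin/sh
# check_ct_chain: read `iptables -nvL <chain>` output on stdin and report
# whether the container chain is referenced and its DROP rules are being hit.
# Returns 0 when the chain looks enforced, 1 otherwise.
check_ct_chain() {
    awk '
    /^Chain / {                       # e.g. "Chain veth100i0-IN (1 references)"
        chain = $2
        refs = $3; gsub(/[^0-9]/, "", refs)
        next
    }
    $1 == "pkts" || NF == 0 { next }  # column header and blank lines
    # Some iptables versions print protocol numbers with -n, so accept both forms.
    $3 == "DROP" && ($4 == "icmp" || $4 == "1") { icmp = 1; hits = ($1 != "0") }
    $3 == "DROP" && ($4 == "all"  || $4 == "0") { final = 1 }
    END {
        bad = 0
        if (refs + 0 == 0) { print "FAIL: " chain " is not referenced"; bad = 1 }
        if (!icmp)         { print "FAIL: no ICMP DROP rule loaded"; bad = 1 }
        else if (!hits)    { print "WARN: ICMP DROP rule matched 0 packets"; bad = 1 }
        if (!final)        { print "FAIL: no catch-all DROP in chain"; bad = 1 }
        if (!bad) print "OK: " chain " is referenced and dropping ICMP"
        exit bad
    }'
}

# Constructed sample: chain is traversed, the ping test was counted and dropped.
sample_enforced() {
    cat <<'EOF'
Chain veth100i0-IN (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:67 dpt:68
    4   336 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
   12   720 PVEFW-Drop  all  --  *      *       0.0.0.0/0            0.0.0.0/0
   12   720 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
EOF
}

# Constructed sample: same rules loaded, but no packet ever reached them.
sample_not_traversed() {
    sample_enforced |
        awk '$1 ~ /^[0-9]+$/ { sub(/^ *[0-9]+ +[0-9]+/, "    0     0") } { print }'
}
```

On a host, ping the CT from outside first, then run `iptables -nvL veth100i0-IN | check_ct_chain`; a zero counter on the ICMP DROP rule while the ping is answered means the packets are not passing through the chain.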