Firewall question limit IP to port 8006

[Lucky Man]

i use DataCenter Firewall, i found out, i just block 8006, but ssh also blocked, have to create 1 rule for SSH to allow, is it mean that if create a rule, the default behavior will block other?

but i use another IP can access port 8006. so weird , using PVE version 9.1.1

 

[shanreich]

but i use another IP can access port 8006. so weird , using PVE version 9.1.1

The firewall automatically allows certain traffic for the management network, see [1] and [2].

You can find out the local_network via:

pve-firewall localnet

i use DataCenter Firewall, i found out, i just block 8006, but ssh also blocked, have to create 1 rule for SSH to allow, is it mean that if create a rule, the default behavior will block other?

Not sure I understand correctly, but if the default input policy is DROP, then you need to create an explicit allow rule for SSH for non-management IPs.

[1] https://pve.proxmox.com/pve-docs/pve-admin-guide.html#pve_firewall_default_rules