Hello,
I enabled the firewall in datacenter, node and container and I can see quite a few iptables rules loaded and some new PVE chains. The problem is that I created a rulea for a container and I can not see that rule in iptables.
This is the rule:
But I can not see that rule in the node:
pve1# iptables -nvL | grep 8888
pve1#
And iptables in the container is also empty (after trying pct stop & start):
root@101:~# iptables -nvL
Chain INPUT (policy ACCEPT 4 packets, 148 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 7 packets, 316 bytes)
pkts bytes target prot opt in out source destination
The rules are shown in the config file:
# cat /etc/pve/firewall/101.fw
[OPTIONS]
enable: 1
[RULES]
IN DROP -p tcp -dport 8888
IN ACCEPT -p tcp -dport 22
IN DROP
Tried restarting the daemon several times with no luck:
service pve-firewall restart
I am using Virtual Environment 4.3-1
I enabled the firewall in datacenter, node and container and I can see quite a few iptables rules loaded and some new PVE chains. The problem is that I created a rulea for a container and I can not see that rule in iptables.
This is the rule:
But I can not see that rule in the node:
pve1# iptables -nvL | grep 8888
pve1#
And iptables in the container is also empty (after trying pct stop & start):
root@101:~# iptables -nvL
Chain INPUT (policy ACCEPT 4 packets, 148 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 7 packets, 316 bytes)
pkts bytes target prot opt in out source destination
The rules are shown in the config file:
# cat /etc/pve/firewall/101.fw
[OPTIONS]
enable: 1
[RULES]
IN DROP -p tcp -dport 8888
IN ACCEPT -p tcp -dport 22
IN DROP
Tried restarting the daemon several times with no luck:
service pve-firewall restart
I am using Virtual Environment 4.3-1