[SOLVED] Firewall traffic

ixproxmox

I have enabled fw on a container and it has worked for a long time. Suddenly, I notice that the fw doesn't work anymore! It doesn't block any traffic. Nothing in the firewall log. I don't know when this started - I run some webservices just open to some IPs and random access by a security company and logging of IPs is what revealed it.

What could have gone wrong? So far, I have discovered it for 2 of the hosts and maybe it is like this for all of them. Under Firewall options, the fw is enabled and default policy is Drop.
 
Did you check if the firewall is running?

Bash:
pve-firewall status
systemctl status pve-firewall

Can you post the output of pct config <vmid> for the container?
 
It was running, but systemctl status pve-firewall gave this info - and I think I know why. I removed this alias under Alias a while ago - I also changed it in the firewall rules, so the alias isn't used. But it is left in config-files it seems:

Feb 15 04:02:44 /etc/pve/firewall/112.fw (line 15) - errors in rule parameters: IN Webmin(ACCEPT) -source get
Feb 15 04:02:44 source: no such alias 'office'

In that file, on line 15, I have
IN SMTPS(ACCEPT) -source 192.168.1.0/24

There is no alias office in that file. But this was for another VM that was important. I can see now that the fw is working for some servers, so it is up for other hosts except 2.

Further, running pct config, it is missing ,firewall=1 in the net0 sentence for this vm when compared to the ones working! In the GUI, the fw is activated/checked, but not in the config file. Can I manually activate it somehow? I tried to deactivate it now and activate it again, but still the same firewall=1 missing.
 
Code:
proxmox-ve: 6.3-1 (running kernel: 5.4.41-1-pve)
pve-manager: 6.3-3 (running version: 6.3-3/eee5f901)
pve-kernel-5.4: 6.3-3
pve-kernel-helper: 6.3-3
pve-kernel-5.4.78-2-pve: 5.4.78-2
pve-kernel-5.4.65-1-pve: 5.4.65-1
pve-kernel-5.4.41-1-pve: 5.4.41-1
pve-kernel-4.15: 5.4-18
pve-kernel-4.15.18-29-pve: 4.15.18-57
pve-kernel-4.15.18-15-pve: 4.15.18-40
pve-kernel-4.10.17-3-pve: 4.10.17-23
pve-kernel-4.4.62-1-pve: 4.4.62-88
pve-kernel-4.4.19-1-pve: 4.4.19-66
pve-kernel-4.2.2-1-pve: 4.2.2-16
ceph-fuse: 12.2.11+dfsg1-2.1+b1
corosync: 3.0.4-pve1
criu: 3.11-3
glusterfs-client: 5.5-3
ifupdown: 0.8.35+pve1
ksm-control-daemon: 1.3-1
libjs-extjs: 6.0.1-10
libknet1: 1.16-pve1
libproxmox-acme-perl: 1.0.7
libproxmox-backup-qemu0: 1.0.2-1
libpve-access-control: 6.1-3
libpve-apiclient-perl: 3.1-3
libpve-common-perl: 6.3-2
libpve-guest-common-perl: 3.1-4
libpve-http-server-perl: 3.1-1
libpve-storage-perl: 6.3-4
libqb0: 1.0.5-1
libspice-server1: 0.14.2-4~pve6+1
lvm2: 2.03.02-pve4
lxc-pve: 4.0.3-1
lxcfs: 4.0.6-pve1
novnc-pve: 1.1.0-1
proxmox-backup-client: 1.0.6-1
proxmox-mini-journalreader: 1.1-1
proxmox-widget-toolkit: 2.4-3
pve-cluster: 6.2-1
pve-container: 3.3-2
pve-docs: 6.3-1
pve-edk2-firmware: 2.20200531-1
pve-firewall: 4.1-3
pve-firmware: 3.1-3
pve-ha-manager: 3.1-1
pve-i18n: 2.2-2
pve-qemu-kvm: 5.1.0-8
pve-xtermjs: 4.7.0-3
qemu-server: 6.3-3
smartmontools: 7.1-pve2
spiceterm: 3.1-1
vncterm: 1.6-2
zfsutils-linux: 0.8.5-pve1
 
The cause was that firewall was set to Off under the VM's network setting.

So while the VM's setting under Firewall was On, the network card setting also had a firewall on/off and this was set to off for some reason.
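
A check for the mismatch that resolved this thread, written as an added example (not code from the thread or from Proxmox): it reports guest NICs that lack firewall=1 while the guest's .fw file has the firewall enabled. It assumes the guest config is read from a file such as /etc/pve/lxc/<vmid>.conf next to /etc/pve/firewall/<vmid>.fw; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: find guest NICs that bypass an enabled Proxmox guest firewall.

# fw_enabled FW_FILE: succeeds if [OPTIONS] in <vmid>.fw contains "enable: 1".
fw_enabled() {
    awk '/^\[/ { in_opts = (toupper($0) ~ /^\[OPTIONS\]/); next }
         in_opts && /^[ \t]*enable:[ \t]*1[ \t]*$/ { found = 1 }
         END { exit !found }' "$1"
}

# unfiltered_nics GUEST_CONF: print every netN key whose options lack firewall=1.
unfiltered_nics() {
    awk '/^\[/ { exit }                       # snapshot sections follow; stop
         /^net[0-9]+:/ {
             c = index($0, ":")               # split at the FIRST colon only,
             key = substr($0, 1, c - 1)       # hwaddr= contains more colons
             n = split(substr($0, c + 1), opt, ",")
             ok = 0
             for (i = 1; i <= n; i++) {
                 gsub(/^[ \t]+|[ \t]+$/, "", opt[i])
                 if (opt[i] == "firewall=1") ok = 1
             }
             if (!ok) print key
         }' "$1"
}

# audit_guest GUEST_CONF FW_FILE: returns 1 if the firewall is enabled for the
# guest but at least one NIC is not attached to it.
audit_guest() {
    fw_enabled "$2" || { echo "$2: guest firewall not enabled"; return 0; }
    bad=$(unfiltered_nics "$1")
    [ -z "$bad" ] && return 0
    for nic in $bad; do
        echo "$1: $nic lacks firewall=1; rules in $2 do not filter it"
    done
    return 1
}

# Constructed sample files (not from the thread): net0 is missing firewall=1.
make_sample() {
    printf '%s\n' 'hostname: web' \
        'net0: name=eth0,bridge=vmbr0,hwaddr=AA:BB:CC:00:11:22,ip=dhcp,type=veth' \
        'net1: name=eth1,bridge=vmbr1,firewall=1,hwaddr=AA:BB:CC:00:11:23,type=veth' > "$1/112.conf"
    printf '%s\n' '[OPTIONS]' 'enable: 1' 'policy_in: DROP' '' '[RULES]' \
        'IN SMTPS(ACCEPT) -source 192.168.1.0/24' > "$1/112.fw"
}

d=$(mktemp -d) && make_sample "$d" && { audit_guest "$d/112.conf" "$d/112.fw" || true; }
rm -rf "$d"
```

Looping audit_guest over every guest config on a node gives a quick inventory of interfaces where the GUI shows the firewall as On but no filtering takes place.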
 
