How do I firewall a VM?

[tomstephens89]

Hi guys,

First time using the proxmox firewall and I need some guidance.

I have created a security group with an allow rule for SSH and the web interface at the datacenter level, inserted it and have enabled the firewall.

Now I want to protect one of my kvm VM's with the PVE firewall. I have enabled the firewall for the virtual machine and its default is set to REJECT, however traffic can still get through. What do I need to do to apply the firewall to my VM's with a default REJECT? I want to define ACCEPT rules to allow only the ports I specify and reject everything else.

 

[tomstephens89]

I have just realised that I didn't enable the firewall in Hardware > NIC > Firewall.

I checked the box and it now works as expected. I do have a question though.

When creating rules in the firewall tab of an individual VM, I assume this is a seperate chain just for this VM and is not host or datacentre wide yes?

Also, can someone tell me about the different firewall log levels?

 

[dietmar]

When creating rules in the firewall tab of an individual VM, I assume this is a seperate chain just for this VM and is not host or datacentre wide yes?

yes

Also, can someone tell me about the different firewall log levels?

Those log levels are just passed to the syslog service.

 

[tomstephens89]

Thanks, but what does each of the log levels give me in terms of information. If I want to see DROP packets for example, what level do I need?

yes



Those log levels are just passed to the syslog service.