How much time do I have to wait for firewalls rules become active ?

[yoss.jackson]

Sorry about my english, not so fluent yet. Recently I installed proxmox 4 and migrated windows server 2008 fisical machine to KVM VM on proxmox, and for some reason need to apply rules to incoming and outcoming traffic of this VM, so, read wiki about proxmox firewalls, eerything ok, BUT when define new rules takes arbitrary amount of time to apply them, sometines 30 seconds, sometines 10 minutes, any help or explanation ?

 

[dietmar]

All rules should apply within 10 seconds. Is there a high load on your servers?

 

[yoss.jackson]

No, there is not. Ok, let's tell the full history. After migrated windows server 2008 fisical machine to KVM VM on proxmox, I cloned it, so, I have two KVM VMs, firewalls are configures whitout rules, just enabled, policy ACCEPT (in & out), here it's de curious thing ...
Ping VM1 ...... NO reply
Ping VM2 ...... REPLY FROM ....
Both VMs have the same firewall configurations .... so ? what's going on here ?

So much interesting .... try to make a RDC (Remote Desktop Connection - Windows ) and both work !!!!
Firewalls inside VM are identical (where cloned), so, any ideas ?

 

[yoss.jackson]

More info, after defined some IPsets, Alias, and Security Groups and apply several rules, notice no one become active ... so, when console con node and execute
pve-firewall stop
pve-firewall start
Invalid chain name 'GROUP-allow_seg_173_128_25-IN' (28 char max)
Invalid chain name 'GROUP-allow_seg_173_128_25-IN' (28 char max)

Made all changes throw web interface, no warning about this ever ... a bug may be ?

 

[dietmar]

Do you use the latest version? If so, please report a bug at bugzilla.proxmox.com. If not, please consider updating.