How to allow broadcast VM IP in PVE Cluster Firewall

chengkinhung

Feb 11, 2016
Hi guys, I just enabled the PVE Cluster Firewall and found that there is a default rule in the chains PVEFW-smurfs and PVEFW-smurflog that blocks some broadcast network packets. It caused an issue with my load balancer IP setup in a VM. Could anyone tell me how I can disable or modify this rule? Thanks.

Here is iptables Chain PVEFW-smurfs and PVEFW-smurflog :
Code:
# iptables -n -v -L PVEFW-smurfs
Chain PVEFW-smurfs (2 references)
 pkts bytes target     prot opt in     out     source               destination
15131 5268K RETURN     all  --  *      *       0.0.0.0              0.0.0.0/0
    0     0 PVEFW-smurflog  all  --  *      *       0.0.0.0/0            0.0.0.0/0           [gotYPE match src-type BROADCAST
    0     0 PVEFW-smurflog  all  --  *      *       224.0.0.0/4          0.0.0.0/0           [got
1015K   60M            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* PVESICBXd5mc9kC88749+7fag */

Chain PVEFW-smurflog (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* PVESIG:2gfT1VMkfr0JL6OccRXTGXo+1qk */
 
On the host level you can configure whether SMURFS filtering is enabled or not.
 
Hi @fabian, thanks for your reply. I found the "SMURFS filter" option in the Firewall of the Host node. I also added "nf_conntrack_allow_invalid: 1" to /etc/pve/nodes/NODE/host.fw
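
Added example (not part of the thread and not Proxmox's own code): a shell check that reads a host.fw file and reports whether the two host-level options discussed above have been relaxed, so the change can be reviewed per node. The `nosmurfs` key name for the GUI "SMURFS filter" option and the default values used are assumptions about the Proxmox firewall configuration format; the sample file is constructed.

```shell
#!/bin/sh
# Added example: flag host.fw [OPTIONS] keys that relax host-level filtering.

# host_fw_option FILE KEY DEFAULT: print the value of KEY in [OPTIONS], else DEFAULT.
host_fw_option() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }                      # skip comment lines
        /^[ \t]*\[/ {                            # section header: track [OPTIONS]
            in_opts = (toupper($0) ~ /^[ \t]*\[OPTIONS\]/); next
        }
        in_opts && split($0, kv, ":") >= 2 {
            k = kv[1]; v = kv[2]
            gsub(/[ \t]/, "", k); gsub(/[ \t\r]/, "", v)
            if (k == key) val = v                # last occurrence wins (assumption)
        }
        END { print (val == "" ? def : val) }
    ' "$1"
}

# audit_host_fw FILE: print one line per relaxed setting (no output = defaults kept).
audit_host_fw() {
    # Assumed defaults: nosmurfs=1 (filter on), nf_conntrack_allow_invalid=0.
    if [ "$(host_fw_option "$1" nosmurfs 1)" = "0" ]; then
        echo "$1: nosmurfs=0, SMURFS filter disabled on this host"
    fi
    if [ "$(host_fw_option "$1" nf_conntrack_allow_invalid 0)" = "1" ]; then
        echo "$1: nf_conntrack_allow_invalid=1, INVALID conntrack packets not dropped"
    fi
}

# Constructed sample modelled on /etc/pve/nodes/NODE/host.fw
sample=$(mktemp)
cat > "$sample" <<'EOF'
[OPTIONS]
enable: 1
nosmurfs: 0
nf_conntrack_allow_invalid: 1

[RULES]
# rules section is ignored by the audit
EOF
audit_host_fw "$sample"
rm -f "$sample"
```

On a cluster node the same function can be pointed at each /etc/pve/nodes/NODE/host.fw to see which hosts have either protection turned off.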
 