How to combine LFD with cluster level firewall?

justjosh

Nov 4, 2019
I'm getting a bunch of BF attacks on my HV's ports. I tried using CSF but it messes up connectivity on the VM level. VMs have their own public-facing IPs.
 
Sorry, but what do:
* LFD
* BF
* CSF

mean?!

I assume HV means hypervisor and VM means virtual machine
 
We do LFD with fail2ban on each guest, so that it adds a layer to the general firewall on the PVE side (only allow what we want and do virtual DMZ). The PVE firewall itself is "just" the stateless iptables firewall, so it is not and will not be able to do more than that.

You can however insert a new chain/table in INPUT/FORWARDING and do your own stuff.
 
Do you use popular blacklists as well? Might be a little intrusive on the guests? Would the popular blacklists save a lot of headache?
 
Hi. Sorry to jump on this post, but I am quite interested in fail2ban/CSF/LFD on the LXC containers.
We currently run CSF on the host and on the containers with public and private IP addresses at OVH. We understand the firewall part is somewhat redundant on the private (10.0.0.X) containers, as all we see on the firewall part is reports of IPs trying to reach the PVE host.
I am wondering if you found a way for CSF to act only on the local IP part on the container.

On the other hand, on the LFD part, we are considering using its advanced regexp rules to monitor logs and ban IPs that get reported in httpd server logs, for example, in the manner of fail2ban, as I thought you could not use LFD and fail2ban at the same time. Thanks.
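Added example, not part of the thread and not code from fail2ban, CSF/LFD or Proxmox: a minimal sketch of the log-driven banning discussed above, matching failed HTTP authentications with a regex, counting them per client in a sliding window, and rendering drop rules for a separate iptables chain. The thresholds, the ignored 10.0.0.0/24 range, the chain name `GUEST-BAN` (assumed to exist already and to be jumped to from INPUT) and the log lines are all constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined access-log prefix: client, timestamp, request line, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')
MAXRETRY = 3                                    # assumed threshold
FINDTIME = timedelta(minutes=10)                # assumed sliding window
IGNORE = [ipaddress.ip_network("10.0.0.0/24")]  # assumed private range, never banned
CHAIN = "GUEST-BAN"                             # hypothetical user-defined chain

def find_offenders(lines):
    """IPv4 clients with >= MAXRETRY 401/403 responses inside FINDTIME."""
    recent, offenders = defaultdict(deque), []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group(3) not in ("401", "403"):
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue                            # hostname or junk in client field
        if ip.version != 4 or any(ip in net for net in IGNORE):
            continue
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > FINDTIME:        # expire failures older than the window
            window.popleft()
        if len(window) >= MAXRETRY and str(ip) not in offenders:
            offenders.append(str(ip))
    return offenders

def ban_rules(ips):
    """iptables commands that drop each offender in the dedicated chain."""
    return [f"iptables -A {CHAIN} -s {ip} -j DROP" for ip in ips]

# Constructed sample: (client, HH:MM, status) rendered as access-log lines.
EVENTS = [("203.0.113.7", "10:00", 401), ("203.0.113.7", "10:01", 401),
          ("203.0.113.7", "10:02", 403),    # 3 failures in 2 minutes: banned
          ("198.51.100.20", "10:00", 401), ("198.51.100.20", "10:15", 401),
          ("198.51.100.20", "10:30", 401),  # same count, spread beyond FINDTIME
          ("10.0.0.5", "10:31", 401), ("10.0.0.5", "10:32", 401),
          ("10.0.0.5", "10:33", 401)]       # private range: ignored
SAMPLE = [f'{ip} - - [04/Nov/2019:{t}:00 +0000] "POST /login HTTP/1.1" {s} 512'
          for ip, t, s in EVENTS]

if __name__ == "__main__":
    print("\n".join(ban_rules(find_offenders(SAMPLE))))
```

Keeping the bans in their own chain means they can be flushed or listed without touching rules that another firewall manager generates.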