[SOLVED] How to deactivate the Firewall by console/terminal

Simposs

New Member
Feb 28, 2024
2
0
1
Germany
www.tacklexperts.de
Hello there! Sadly I am one of the donkeys who activated the Proxmox-Ve Firewall on his dedicated Server before adding a rule for the Backend or SSH.
Now I'm searching for a way to disable the Firewall or change it's rules by using a termin.
My hoster allows me to mount the pve LVM (vg0-root I think) in a rescue system so I could possibly change something to make it work again.

I already located the /etc/pve folder but its empty for me... is that possible or did I just mounted a wrong volume?

Best Regards
Simon
 
Hello there! Sadly I am one of the donkeys who activated the Proxmox-Ve Firewall on his dedicated Server before adding a rule for the Backend or SSH.
There are hidden anti-lockout-rules in place. As long as you didn't create a custom rule to block port 22, before enabling the firewall, you should still be able to ssh in. See:
https://pve.proxmox.com/wiki/Firewall#pve_firewall_default_rules

Now I'm searching for a way to disable the Firewall or change it's rules by using a termin.
My hoster allows me to mount the pve LVM (vg0-root I think) in a rescue system so I could possibly change something to make it work again.

I already located the /etc/pve folder but its empty for me... is that possible or did I just mounted a wrong volume?
/etc/pve is a special filesystem backed by a SQLite DB. Without the pve cluster service running it won't be mounted and you can't change config files. See: https://pve.proxmox.com/wiki/Proxmox_Cluster_File_System_(pmxcfs)
 
  • Like
Reactions: Simposs
Thanks for your reply , I just managed to change my Firewall-Settings quick and dirty by adding
Code:
* * * * *  root pve-firewall stop
to /etc/crontab.
The hint with the anti-lockout rule came seconds to late but I promise I will try that next time when I made the same mistake again, because who am I to not do the same mistake again and gain :)

Best regards
Simon