We want to prevent situations where a VM either gets infected with malware or a user intentionally uses tools to spoof/change the IP address within the same IP range assigned to their order. This behavior can lead to:
- IP conflicts (duplicate IPs),
- Outbound DDoS attacks,
- Overall negative impact on infrastructure and other customers.
Use the Proxmox Firewall IPSET feature to drop all traffic from a VM if it uses an IP different from the one assigned in the original order.
Requirements:
- If the VM is configured with the correct assigned IP, it should be allowed normal inbound/outbound traffic.
- If the VM uses a spoofed or incorrect IP, it should be blocked from all network access (no inbound or outbound connections).
- The check should apply at the VM level.
- We only need to verify the IP address (not the NIC name or other NIC parameters).
- This should apply to both net0, net1, etc.
Guidance or best practices to implement this kind of IP enforcement using Proxmox Firewall with IPSET, possibly via hook scripts or any recommended method.
Thanks in advance!
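One way to express the requirements above, as an added example that is not part of the original post: Proxmox VE treats a VM-level IPSET named `ipfilter-netN` as the list of source addresses allowed on interface `netN`, and the VM option `ipfilter: 1` turns that filtering on. The helper name `render_vm_fw` and all addresses are assumptions made for illustration; the function prints the text for a per-VM file `/etc/pve/firewall/<VMID>.fw` from the addresses assigned in the order.

```shell
#!/bin/sh
# Added example (not from the original post). Addresses below are constructed.
# Usage: render_vm_fw net0=192.0.2.10 net1=192.0.2.11,2001:db8::10
# Prints the content for /etc/pve/firewall/<VMID>.fw; returns 1 on bad input.
render_vm_fw() {
    [ "$#" -gt 0 ] || { echo "need at least one netN=IP pair" >&2; return 1; }
    out='[OPTIONS]
enable: 1
ipfilter: 1'
    for pair in "$@"; do
        nic=${pair%%=*}
        ips=${pair#*=}
        # Accept only net<digits>, so a typo cannot create an unrelated IPSET.
        case "$nic" in
            net[0-9]|net[0-9][0-9]) ;;
            *) echo "bad NIC name: $nic" >&2; return 1 ;;
        esac
        # Accept only characters that can occur in an IPv4/IPv6 address or CIDR.
        case "$ips" in
            ''|*[!0-9a-fA-F.:/,]*) echo "bad address list for $nic" >&2; return 1 ;;
        esac
        # One [IPSET ipfilter-netN] section per interface, one address per line.
        out="$out

[IPSET ipfilter-$nic]"
        old_ifs=$IFS; IFS=,
        for ip in $ips; do
            [ -n "$ip" ] || continue
            out="$out
$ip"
        done
        IFS=$old_ifs
    done
    printf '%s\n' "$out"
}

# Demonstration with constructed addresses; redirect to the .fw file on a real host.
render_vm_fw net0=192.0.2.10 net1=192.0.2.11,2001:db8::10
```

The filter only applies to NICs that have `firewall=1` set in the VM configuration, and the firewall must also be enabled at the datacenter level.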