I'm running PVE 4.4-22 and want to enable the firewall on one of my VMs so that it drops all but some ports on its WAN network interface.
Using the GUI, I have enabled the firewall on the datacenter, at node 'host' and on the VM. The input policy on the VM is DROP. I have also enabled the firewall on the relevant network interface and restarted the VM.
pve-firewall status shows Status: enabled/running
However, the VM is still accepting requests on all ports.
Here is what I have in /etc/pve/firewall/102.fw
[OPTIONS]
enable: 1
macfilter: 0
[RULES]
IN DROP
IN ACCEPT -p ipv6-icmp
IN ACCEPT -p icmp
IN ACCEPT -p ipv6
IN POP3S(ACCEPT)
IN IMAPS(ACCEPT)
IN SSH(ACCEPT)
IN Mail(ACCEPT)
What do I need to do in order to get the firewall to work?
Thanks.
EDIT: The DROP rule needs to be at the bottom, not the top of the list. Solved.
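The ordering problem named in the EDIT can be checked mechanically. The following is an added example, not part of the original post and not Proxmox code: a small linter that flags an unconditional rule placed ahead of other rules in the same direction. It assumes rules are evaluated top to bottom with the first match winning; the function names `parse_rules` and `shadowed_rules` are hypothetical.

```python
import re

# The rule list as posted (catch-all DROP first), embedded as sample input.
POSTED_FW = """\
[OPTIONS]
enable: 1
macfilter: 0
[RULES]
IN DROP
IN ACCEPT -p ipv6-icmp
IN ACCEPT -p icmp
IN ACCEPT -p ipv6
IN POP3S(ACCEPT)
IN IMAPS(ACCEPT)
IN SSH(ACCEPT)
IN Mail(ACCEPT)
"""

RULE_RE = re.compile(r"^(IN|OUT)\s+(\S+)\s*(.*)$")
PLAIN_ACTIONS = {"ACCEPT", "DROP", "REJECT"}

def parse_rules(text):
    """Yield (line_no, direction, action, options) for enabled [RULES] entries."""
    section = None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if line.startswith("["):
            section = line.strip("[]").upper()
        elif section == "RULES" and not line.startswith("|"):  # "|" marks a disabled rule
            m = RULE_RE.match(line)
            if m:
                yield no, m.group(1), m.group(2), m.group(3).strip()

def shadowed_rules(text):
    """Return [(direction, catch_all_line, [later_rule_lines])], assuming first match wins."""
    catch_all = {}                                # direction -> (line_no, later lines)
    for no, direction, action, opts in parse_rules(text):
        if direction in catch_all:
            catch_all[direction][1].append(no)    # listed after an unconditional rule
        elif action in PLAIN_ACTIONS and not re.sub(r"-log\s+\S+", "", opts).strip():
            catch_all[direction] = (no, [])       # no protocol/port/address restriction
    return [(d, no, later) for d, (no, later) in catch_all.items() if later]

if __name__ == "__main__":
    for direction, no, later in shadowed_rules(POSTED_FW):
        print(f"line {no}: unconditional {direction} rule precedes rules on lines {later}")
```

With the DROP line moved to the end of the list, as the EDIT describes, the function returns an empty list.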