ipfilter to prevent spoofing

arcanatigris

Active Member
Dec 1, 2016
15
3
43
Netherlands
Im trying to configure the IP-filter but so far no luck.

/etc/pve/firewall/102.fw
Code:
[IPSET ipfilter-net0]

xx.xx.111.42 # net0

With the above config spoofing is still possible. Am I missing a setting?
 
you need firewall enabled in vm options to get it work. (and firewall enabled on datacenter too)

can you check in

#iptables-save

if you have

-m set ! --match-set $ipfilter_ipset src -j DROP
(where $ipfilter_ipset is the ipset-net0 + vmid, not sure about the syntax)


also, do you have enable firewall in vm options AND on network interface in the vm ?