ipfilter to prevent spoofing


Active Member
Dec 1, 2016
Im trying to configure the IP-filter but so far no luck.

[IPSET ipfilter-net0]

xx.xx.111.42 # net0

With the above config spoofing is still possible. Am I missing a setting?
you need firewall enabled in vm options to get it work. (and firewall enabled on datacenter too)

can you check in


if you have

-m set ! --match-set $ipfilter_ipset src -j DROP
(where $ipfilter_ipset is the ipset-net0 + vmid, not sure about the syntax)

also, do you have enable firewall in vm options AND on network interface in the vm ?


The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!