Hello everyone
I have a custom firewall rule for a few VMs that I can't enter in the GUI.
The most elegant way would be to load it directly at startup by "post-up" in the /etc/network/interfaces file.
The rule looks like this:
ip6tables --insert tap181i0-IN -m mac ! --mac-source 06:45:0c:4e:93:9a -j DROP
Unfortunately, I get the following message at startup: (journalctl -b | grep vmbr4)
Code:
Feb 06 08:12:16 he01-pve networking[1565]: warning: vmbr4: post-up cmd '/usr/sbin/ip6tables --insert tap181i0-IN -m mac ! --mac-source 06:45:0c:4e:93:9a -j DROP' failed: returned 1 (ip6tables: No chain/target/match by that name.
It looks like no rule chain is created by Proxmox when the network is loaded, so of course the command fails.
Reloading the interfaces later with
ifreload -a
does apply the rule.
How do you handle such special rules? Theoretically, it would be enough to apply the rule when the VM is starting.