Locking down management/web GUI to Tailscale

altano

Hello,

I'm trying to figure out how to lock down my server so that it can only be administered from Tailscale. I don't have the option of putting the server behind a firewall as it's being colocated directly on public internet.

I created a "management" ipset which, as far as I can gather from other threads, will override the virtual one created for the web GUI + ssh exemptions that are invisible (in the UI). I restricted the ipset to the tailscale CGNAT ip range and enabled the firewall:

Code:
$ cat /etc/pve/firewall/cluster.fw

[OPTIONS]

enable: 1

[IPSET management]

100.64.0.0/10 # tailscale

[RULES]

IN ACCEPT -p tcp -dport 22 -log nolog # ssh
IN ACCEPT -source +dc/management -log nolog # tailscale management

My expectation is that after doing this I would no longer be able to access the web GUI from my LAN, only through the Tailscale cgnat. But that isn't the case: I can (from other machines on the same private LAN, but not on tailscale) run curl --insecure https://192.168.0.86:8006/ just fine.

What am I missing?
 
Here's everything that looks relevant in iptables-save:

Code:
# iptables-save | grep 8006
-A PVEFW-HOST-IN -p tcp -m set --match-set PVEFW-0-management-v4 src -m tcp --dport 8006 -j RETURN
-A PVEFW-HOST-OUT -d 192.168.0.0/24 -p tcp -m tcp --dport 8006 -j RETURN

Code:
# iptables-save | grep PVEFW-0-management-v4
-A PVEFW-HOST-IN -m set --match-set PVEFW-0-management-v4 src -j RETURN
-A PVEFW-HOST-IN -p tcp -m set --match-set PVEFW-0-management-v4 src -m tcp --dport 8006 -j RETURN
-A PVEFW-HOST-IN -p tcp -m set --match-set PVEFW-0-management-v4 src -m tcp --dport 5900:5999 -j RETURN
-A PVEFW-HOST-IN -p tcp -m set --match-set PVEFW-0-management-v4 src -m tcp --dport 3128 -j RETURN
-A PVEFW-HOST-IN -p tcp -m set --match-set PVEFW-0-management-v4 src -m tcp --dport 22 -j RETURN
-A PVEFW-HOST-IN -p tcp -m set --match-set PVEFW-0-management-v4 src -m tcp --dport 60000:60050 -j RETURN
 
Oh, I see the problem:

Code:
# ipset list

Name: PVEFW-0-management-v4
Type: hash:net
Revision: 7
Header: family inet hashsize 64 maxelem 64 bucketsize 12 initval 0x7a95b7b9
Size in memory: 552
References: 5
Number of entries: 2
Members:
100.64.0.0/10
192.168.0.0/24

192.168.0.0/24 is being appended to my ipset despite my not defining it:

[attached screenshot: 1753165150718.png]

If locking down a port is this hard, Proxmox maybe shouldn't even have a firewall :(
 
Someone on reddit mentioned aliasing local_network to block gui access, so I thought I'd try it and... it works!

I aliased local_network to my tailscale cidr 100.64.0.0/10:
[attached screenshot: 1753166275690.png]

and then the management ipset no longer has the local LAN IP appended:
Code:
# ipset list
...
Name: PVEFW-0-management-v4
Type: hash:net
Revision: 7
Header: family inet hashsize 64 maxelem 64 bucketsize 12 initval 0x01bb47a4
Size in memory: 504
References: 6
Number of entries: 1
Members:
100.64.0.0/10

and the web GUI no longer works from the LAN, as desired:

Code:
curl --insecure https://192.168.0.86:8006/

I guess the ipset documentation is wrong and local_network is appended, NOT cluster_network.
 
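As an added example (not code from the thread or from Proxmox), here is a small Python audit that parses `ipset list` and `iptables-save` output to flag management-set members outside the allowed range and any PVEFW-HOST-IN rule for port 8006 that is not guarded by an ipset. The sample outputs and the allowed range (Tailscale CGNAT only) are constructed assumptions modelled on what is shown above.

```python
"""Audit the Proxmox 'management' ipset and host-input rules for port 8006."""
import ipaddress
import re

# Constructed sample modelled on the `ipset list` output in the thread.
IPSET_LIST = """\
Name: PVEFW-0-management-v4
Type: hash:net
Number of entries: 2
Members:
100.64.0.0/10
192.168.0.0/24

Name: PVEFW-0-other-v4
Type: hash:net
Members:
10.0.0.0/8
"""

# Constructed sample modelled on `iptables-save | grep 8006`; the second rule
# is deliberately unguarded to show the check firing.
IPTABLES_SAVE = """\
-A PVEFW-HOST-IN -p tcp -m set --match-set PVEFW-0-management-v4 src -m tcp --dport 8006 -j RETURN
-A PVEFW-HOST-IN -p tcp -m tcp --dport 8006 -j RETURN
-A PVEFW-HOST-OUT -d 192.168.0.0/24 -p tcp -m tcp --dport 8006 -j RETURN
"""

ALLOWED = [ipaddress.ip_network("100.64.0.0/10")]  # assumption: Tailscale CGNAT only

def parse_ipset_list(text):
    """Return {set_name: [member networks]} from `ipset list` output."""
    sets, name, in_members = {}, None, False
    for line in text.splitlines():
        if line.startswith("Name: "):
            name, in_members = line.split(": ", 1)[1], False
            sets[name] = []
        elif line.startswith("Members:"):
            in_members = True
        elif not line.strip():
            in_members = False          # blank line ends the member block
        elif in_members and name:
            # first token only: ipset may append "comment ..." or "nomatch"
            sets[name].append(ipaddress.ip_network(line.split()[0], strict=False))
    return sets

def unexpected_members(sets, set_name, allowed=ALLOWED):
    """Members of set_name that are not contained in any allowed network."""
    return [str(n) for n in sets.get(set_name, [])
            if not any(n.version == a.version and n.subnet_of(a) for a in allowed)]

def unguarded_8006_rules(text):
    """PVEFW-HOST-IN rules for 8006 that do not restrict the source to an ipset."""
    return [l for l in text.splitlines()
            if "PVEFW-HOST-IN" in l and re.search(r"--dport 8006\b", l) and "--match-set" not in l]
```

Running it against the real output (`ipset list` and `iptables-save`) after changing the alias confirms that only the Tailscale range remains in the management set.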