I have been create a LXC container with enabled 'firewall' (attached image) and all other options by default(!). My VM.fw next:
Now, i am checking firewall rules for interfaces in this VM:
Ports 67,68??? But DHCP was disabled by default! (look at attached image)
To resolve this bug I make in GUI 'enable, OK, disable, OK' for DHCP option. Now my VM.fw has explicit definition for DHCP option:
Checking firewall rules again:
It's all right.
Is this a bug?
Code:
root@pve:~# cat /etc/pve/firewall/120.fw
[OPTIONS]
enable: 1
Code:
exists veth120i0-IN (MdXshSidEihaLE7OpiTgIGGldkk)
-A veth120i0-IN -p udp --dport 68 --sport 67 -j ACCEPT
-A veth120i0-IN -j PVEFW-Drop
-A veth120i0-IN -j DROP
exists veth120i0-OUT (uJMd6DURdH7pmpw+5X9q53s9WnI)
-A veth120i0-OUT -p udp --dport 67 --sport 68 -g PVEFW-SET-ACCEPT-MARK
-A veth120i0-OUT -m mac ! --mac-source 6E:14:92:52:FD:F4 -j DROP
-A veth120i0-OUT -j MARK --set-mark 0x00000000/0x80000000
-A veth120i0-OUT -g PVEFW-SET-ACCEPT-MARKTo resolve this bug I make in GUI 'enable, OK, disable, OK' for DHCP option. Now my VM.fw has explicit definition for DHCP option:
Code:
root@pve:~# cat /etc/pve/firewall/120.fw
[OPTIONS]
dhcp: 0
enable: 1
Code:
exists veth120i0-IN (GiPAm9L6UAAIxfS/Yq/45RWuA9A)
-A veth120i0-IN -j PVEFW-Drop
-A veth120i0-IN -j DROP
exists veth120i0-OUT (PMh1lDTxSDoWo94QTLonRF+LrN8)
-A veth120i0-OUT -m mac ! --mac-source 6E:14:92:52:FD:F4 -j DROP
-A veth120i0-OUT -j MARK --set-mark 0x00000000/0x80000000
-A veth120i0-OUT -g PVEFW-SET-ACCEPT-MARKIs this a bug?
