Node Firewall Runs on At Every Boot Despite Disabling Via GUI

Gopher

Member
Jan 6, 2020
4
0
6
39
I'm a little perplexed as to the expected behavior of disabling the firewall for troubleshooting purposes. I've left the default for the datacenter firewall as NO. And for my node the firwall was shown as on in the GUI so I toggled it to NO. Yet, if I reboot Proxmox and check the firewall status via shell I see the following:

pve-firewall status
Status: disabled/running

So then I run:
pve-firewall stop
pve-firewall status
Status: disabled/stopped

Which appears to truly disable the firewall. Yet, on reboots it reverts back to "Status: disabled/running." Is this expected behavior? I've done two ProxMox installs, one was ver 5 and the latest is this version 6.1-3 and both behave this way.

Annotation 2020-01-06 003526.gif
 
That is expected. Then firewall daemon still runs (doing nothing) unless you manually disable the systemd service.
 
Okay. I hadn't done ping tests to confirm ports weren't being blocked while it the shell command still showed it was running and instead was just running pve-firewall stop each time.

If I understand you correctly the daemon will show "running" yet the iptables are already toggled to not block anything per the change from the GUI. I appreciate your help.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!