Node Firewall Runs on At Every Boot Despite Disabling Via GUI

Gopher

Member
Jan 6, 2020
4
0
6
40
I'm a little perplexed as to the expected behavior of disabling the firewall for troubleshooting purposes. I've left the default for the datacenter firewall as NO. And for my node the firwall was shown as on in the GUI so I toggled it to NO. Yet, if I reboot Proxmox and check the firewall status via shell I see the following:

pve-firewall status
Status: disabled/running

So then I run:
pve-firewall stop
pve-firewall status
Status: disabled/stopped

Which appears to truly disable the firewall. Yet, on reboots it reverts back to "Status: disabled/running." Is this expected behavior? I've done two ProxMox installs, one was ver 5 and the latest is this version 6.1-3 and both behave this way.

Annotation 2020-01-06 003526.gif
 
That is expected. Then firewall daemon still runs (doing nothing) unless you manually disable the systemd service.
 
Okay. I hadn't done ping tests to confirm ports weren't being blocked while it the shell command still showed it was running and instead was just running pve-firewall stop each time.

If I understand you correctly the daemon will show "running" yet the iptables are already toggled to not block anything per the change from the GUI. I appreciate your help.