Background: We run PVE with a couple of LXCs and VMs with one LXC representing a reverse proxy for the different backend services.
I was wondering if I could run Fail2Ban on the backends wich would then block/release IPs on the PVE-host by modifying a specific IPset. However, it seems I cannot grant permissions to Cluster > Firewall > IPset > Name... am I overlooking something?
Is there an alternative solution? I know I could uses restricted ssh but I'm not keen on it.
I was wondering if I could run Fail2Ban on the backends wich would then block/release IPs on the PVE-host by modifying a specific IPset. However, it seems I cannot grant permissions to Cluster > Firewall > IPset > Name... am I overlooking something?
Is there an alternative solution? I know I could uses restricted ssh but I'm not keen on it.