protocol "all" in proxmox firewall rule ?

RolandK

Renowned Member
Mar 5, 2019
959
190
88
51
hello ,

i want to add a rule which specifically allows one port/protocol and a second rule which denies all other ports/protocols.

for the destination port, i can choose "any", but in "protocol" input box, i can ony choose one specific protocoll, but not "all".

iptables manpage is telling:

[!] -p, --protocol protocol
The protocol of the rule or of the packet to check. The specified protocol can be one of tcp, udp, udplite, icmp, icmpv6,esp, ah, sctp, mh or the special keyword "all", or it can be a numeric value, representing one of these protocols or a different one. A protocol name from /etc/protocols is also allowed. A "!" argument before the protocol inverts the test. The number zero is equiv‐alent to all. "all" will match with all protocols and is taken as default when this option is omitted. Note that, in ip6tables, IPv6 extension headers except esp are not allowed. esp and ipv6-nonext can be used with Kernel version 2.6.11 or later. The number zero is equivalent to all, which means that you cannot test the protocol field for the value 0 directly. To match on a HBH header, even if it were the last, you cannot use -p 0, but always need -m hbh.

shouldn't "all" be an option there ?

would a RFE be accepted for this?
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!