Proxmox Firewall IPSet does not block

Adam-M

Oct 16, 2015
Hello,

I just tried all day to get it to work, but the firewall function IPSet does not work for me.
So if I add an IP to the blacklist, I also do not see the IP in "iptables -L -n".

Hope someone can help me, I am tired of trying...
and I need this function to block some IPs with Layer 7 attacks.

proxmox-ve-2.6.32: 3.4-165 (running kernel: 2.6.32-42-pve)
pve-manager: 3.4-11 (running version: 3.4-11/6502936f)
pve-kernel-2.6.32-41-pve: 2.6.32-164
pve-kernel-2.6.32-42-pve: 2.6.32-165
lvm2: 2.02.98-pve4
clvm: 2.02.98-pve4
corosync-pve: 1.4.7-1
openais-pve: 1.1.4-3
libqb0: 0.11.1-2
redhat-cluster-pve: 3.2.0-2
resource-agents-pve: 3.9.2-4
fence-agents-pve: 4.0.10-3
pve-cluster: 3.0-19
qemu-server: 3.4-6
pve-firmware: 1.1-4
libpve-common-perl: 3.0-24
libpve-access-control: 3.0-16
libpve-storage-perl: 3.0-33
pve-libspice-server1: 0.12.4-3
vncterm: 1.1-8
vzctl: 4.0-1pve6
vzprocps: 2.0.11-2
vzquota: 3.1-2
pve-qemu-kvm: 2.2-11
ksm-control-daemon: 1.1-1
glusterfs-client: 3.5.2-1

Thank you!!
 
Does no one have any idea what it could be?
I would be very happy if someone could give me a tip or help me find the problem, i.e. why IPSet does not work.

- Adam
 
Hello,

I just tried all day to get it to work, but the firewall function IPSet does not work for me.
So if I add an IP to the blacklist, I also do not see the IP in "iptables -L -n".

You won't see the IP address with "iptables -L -n". Use "ipset --list" to see the IP addresses that are being blocked.
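
The check suggested in the reply above, as an added example that is not part of the original thread: it parses `ipset list` output, reports which sets contain a given address, and uses the `References:` counter to tell whether anything in the kernel (such as an iptables rule) actually references each set. The set names and addresses are constructed sample data, and only `hash:ip`/`hash:net` style members are assumed.

```python
import ipaddress

# Constructed sample of `ipset list` output (set names and addresses are made up).
SAMPLE = """\
Name: example-blacklist
Type: hash:net
Revision: 3
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 16816
References: 1
Members:
192.0.2.10
198.51.100.0/24

Name: example-unused
Type: hash:ip
Revision: 1
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 8264
References: 0
Members:
203.0.113.7
"""

def parse_ipset_list(text):
    """Return {set_name: {"references": int, "members": [ip_network, ...]}}."""
    sets, current, in_members = {}, None, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Name:"):
            current = {"references": 0, "members": []}
            sets[line.split(":", 1)[1].strip()] = current
            in_members = False
        elif current is None or not line:
            continue
        elif line.startswith("References:"):
            current["references"] = int(line.split(":", 1)[1])
        elif line == "Members:":
            in_members = True
        elif in_members:
            # First token is the address; options such as "timeout 30" may follow.
            entry = line.split()[0].split(",")[0]
            current["members"].append(ipaddress.ip_network(entry, strict=False))
    return sets

def check(text, ip):
    """List (set_name, referenced) for every set whose members cover ip."""
    addr = ipaddress.ip_address(ip)
    return [(name, s["references"] > 0)
            for name, s in parse_ipset_list(text).items()
            if any(addr.version == m.version and addr in m for m in s["members"])]
```

A set that contains the address but shows zero references is populated yet not used by any rule, so traffic from that address is not being matched against it.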
 
Hi,

I am having the same issue here. This is my scenario:

I have 4 servers in a cluster, all on the same VLAN so VMs can be replicated, etc.
The VMs share a /26 of public IP addresses, and I want to "lock down" each VM to a specific IP address in order to prevent spoofing, IP stealing, etc.

I have configured the VM via DHCP to get an IP. Then added the IP the VM got via DHCP, to the IP Set. Basically I am trying to make sure that no other IP can be used by this VM.

Firewall Status: Enabled. IN and OUT policies are set to ACCEPT.
Rules are added to allow ICMP IN and OUT on this VM.

I can ping the VM from the internet. But from the VM I can't ping out.
I can ssh into the VM too. But from the VM I can't ssh into a remote host.

Does anyone have any ideas?

Thanks,

Foster Banks