nothing...also blocking the 43 port.
Crap
nothing...also blocking the 43 port.
New MAC address abuse message.
How have you applied the rule? As global, or replicated the rule for each device in the firewall?
> Unallowed MACs:
yes, the problem is that in the default "drop" action, there are "reject" rules on port 43.
hi thank you.
echo 0 > /sys/class/net/tapXi0/brport/unicast_flood, for each tap interface (when the vm are running)
Hi, when you say "server is starting", are you talking about the vm or the proxmox server ?
hi thank you.
why when are running?
What I see is that the MACs are visible on the switch only when the server is starting; after the complete boot there is no MAC visible on the switch.
", I mean, just after the vm have started, because the tap interface is created at vm start.
echo 0 > /sys/class/net/tapXi0/brport/unicast_flood, for each tap interface (when the vm are running)
Hi "spirit" ,
So, just to be sure, you have blocked port 43 with a drop rule in all your vms where firewall is enabled and you use DROP as default inbound action ?
can you send an example of /etc/pve/firewall/<vmid>.fw
Hi "spirit" ,
I have global rules added in every VPS and main host and the proxmox firewall is enabled on all VPS.
Hi, when you say "server restart", are you talking about the vm or the proxmox server ?
Today after a server restart:
thank you for the support.
can you send an example of /etc/pve/firewall/<vmid>.fw
[OPTIONS]
log_level_in: info
enable: 1

[RULES]
GROUP mac_address_deny
IN ACCEPT -source xxx.xxx.xxx.xxx -p tcp -dport 10000:30000 -log nolog
IN SSH(ACCEPT) -source xxx.xxx.xxx.xxx -log info
IN FTP(ACCEPT) -source xxx.xxx.xxx.xxx -log info
IN ACCEPT -source xxx.xxx.xxx.xxx -p tcp -dport 8080 -log info # ip mariangela
IN FTP(ACCEPT) -source +ip_admin -log nolog
IN SSH(ACCEPT) -source +ip_admin -log nolog
IN ACCEPT -source +ip_admin -p tcp -dport 8080 -log info
IN HTTP(ACCEPT) -log info
IN HTTPS(ACCEPT) -log info
automatic vps shutdown and start.
When you restart the proxmox node, do you first stop the vm manually ? or is it the auto shutdown of vms done by proxmox ?
I apply the same
also, do you also use firewall to protect the host itself ? (in proxmox node rules, or datacenter rules). if yes, do you also block the port 43 ?
I have moved critical vps to amazon aws.
automatic vps shutdown and start.
I apply the same
After the GROUP mac_address_deny rules, after one week uptime I have received new abuse messages... (without any changes on the server and vps).
But every time I restart the node, after 5 minutes a new abuse email arrives.
Currently, on the default port43 reject has been fixed to drop.
I have moved critical vps to amazon aws.
Can you confirm to me that all these problems are solved on proxmox 7?
Doesn't work.
BTW, another proxmox user has found a way to block bad traffic at hetzner level, in hetzner robot firewall.