Proxmox Host and ufw firewall

[Enthylsa]

Hi I try to understand how a proxmox host can be hardened with ufw.

I understand that proxmox has a own firewall but I have an ansible role which manage hardening etc. on all my servers and therefore would like to use ufw on my proxmox host.

However as I tried to use I saw that my lxc containers had massive connectivity problems.

How should a ufw config looks like for a proxmox host to use lxc without problems?

Greetings Enthylsa

 

[nunner]

Hi,

However as I tried to use I saw that my lxc containers had massive connectivity problems.

Could you describe these connectivity problems a bit more? What do your firewall rules look like? Are you using both ufw and the PVE firewall at the same time?

 

[Enthylsa]

Hi, no I have the PVE firewall disabled and ufw on the host blocks everything beside 22, 80, 443 and two higher ports but limited to src ip (bacula nd zabbix).

When I enable ufw in this config, I get connection error on server stats when accessing VMs or LXC hosted in server2 in the GUI on server1 and vice versa.
Also the LXC containers have dns and connectivity problems, long latency in aptitude etc.