Proxmox ve Firewall

[gerdnl]

im trying to understand for the firewall works in proxmox interface
for example how do i deny all traffic at start and then allow certain rules.
couldnt find how it works in the interfaces


what i want is:

deny all traffic, accept for port 80,22

 

[gerdnl]

for example this doesnt block icmp from that ip



got firewalled enabled on the interface and in firewall options

 

[dope76]

Hi,

i have the same Problem. I enable the Firewall but nothing happens when i try to block something. In the firewall options i have:

enable firewall: yes
enable dhcp: no
mac filter: yes
log_level_in: info
log_level_out: info
input policy: drop --> but nothing drops
output policy: accept

Thank you very much in advance for your answer,
Christian

 

[gerdnl]

does it have to be enable in datacenter/firewall/options for the vm firewall to work?

 

[gerdnl]

yep that works
when u add a rule it takes some time to become active

 

[dope76]

Hi,

nothing happens. i activated the firewall in /datacenter/firewall/options, in node/firewall/options and in vm/firewall/options. the input policy of ervery option is drop. there is no effect. is there any other option to activate or insert for the firewall to work?

when u add a rule it takes some time to become active

i waited 5 hours

kind regards
christian

 

[a.modzelewski]

I've the same problem with Proxmox 3.3 Firewall as you.

 

[a.modzelewski]

I assume you enabled Firewall on node. Open console of node and run:

# pve-firewall status

If you see:

Status: disabled/running

you have to create file /etc/pve/firewall/cluster.fw with content:

[OPTIONS]
# enable firewall
enable: 1

Of course it's documented on http://pve.proxmox.com/wiki/Proxmox_VE_Firewall but it also relates to non-cluster configuration. After:

# pve-firewall stop
# pve-firewall start
# pve-firewall status

You should see:

Status: enabled/running

 

[dope76]

Hello,

to all other proxmoxer with this problem. To fix the problem (for all people who cannot read as i ):

klick to the VM-->Hardware-->Network Device. Now you have to activate the Firewall. After this steps the other configuration in the datacenter/nodes/vm have effect.

good proxmoxing

Christian

 

[a.modzelewski]

klick to the VM-->Hardware-->Network Device. Now you have to activate the Firewall. After this steps the other configuration in the datacenter/nodes/vm have effect.

You talking about KVM virtualization, we talking about OpenVZ paravirtualization, so your suggestion is not for us.

 

[dope76]

Hi,

here is no fifference between VM and OpenVZ. I have a checkbox "firewall" in OpenVZ paravirtualization in the tab "network". Is this point not checked there is no effect for this OpenVZ.
click on the OpenVZ-Template-->tab "network"-->edit "network device"-->check the point "firewall".

 

[a.modzelewski]

click on the OpenVZ-Template-->tab "network"-->edit "network device"-->check the point "firewall".

I can't find OpenVZ-Template...

 

[dope76]

Hi,

the template you created. Like this:



i hope this picture helps you. After that it works for me like a charme

 

[a.modzelewski]

Ok, you created veth, me venet. It's big difference.

 

[dope76]

Hi,

o.k.. Then i dont know, sorry. But i install a testmaschine like your configuration and test it.

 

[a.modzelewski]

No problem. It's good to know how configure veth device with firewall