Hi Buddies,
I suddenly found that both my PVE host and the VMs running on top of PVE are all DNS blocked. CLI on PVE host:

Per ChatGPT's suggestion I tried to delete the DROP action with "iptables -D PVEFW-Reject 11" & "iptables -D PVEFW-Drop 12"... But they will be recovered very soon, like this:
root@CBNi-GZ-PVE01:/etc/pve/firewall# iptables -L -n | grep "DROP.*udp spt:53"
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:53
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:53
root@CBNi-GZ-PVE01:/etc/pve/firewall#
And I've also tried to add the RULES below to /etc/pve/firewall/cluster.fw and restart pve-firewall, but it was no help at all. The DROP action is obviously of higher priority than the RULES below.
[RULES]
IN ACCEPT -p udp --sport 53
IN ACCEPT -p tcp --sport 53
OUT ACCEPT -p udp --dport 53
OUT ACCEPT -p tcp --dport 53
Any suggestions and comments will be highly appreciated!
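The `grep` output in the post shows the two DROP lines without the chain they belong to. The following is an added example, not part of the original post: a shell function that reads `iptables -S` output and reports the chain and rule number of every rule dropping UDP with source port 53. The function names and the sample rules are constructed for illustration; only the chain names PVEFW-Drop and PVEFW-Reject come from the post.

```shell
#!/bin/sh
# Added example: report which chain, and which position in that chain, holds
# each rule that drops UDP traffic with source port 53.
# Input is `iptables -S` text on stdin, e.g.:  iptables -S | find_dns_drops

find_dns_drops() {
    awk '
        $1 == "-A" {
            chain = $2
            pos[chain]++        # same numbering as: iptables -D <chain> <n>
            udp = 0; sport = 0; drop = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-p" && $(i+1) == "udp") udp = 1
                if ($i == "--sport" && $(i+1) == "53") sport = 1
                if ($i == "-j" && $(i+1) == "DROP") drop = 1
            }
            # Print only rules that match all three conditions.
            if (udp && sport && drop) print chain, pos[chain]
        }
    '
}

# Constructed sample in `iptables -S` format (not captured from a real host).
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-N PVEFW-Drop
-N PVEFW-Reject
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A PVEFW-Drop -p tcp -m tcp --dport 113 -j REJECT
-A PVEFW-Drop -p udp -m udp --sport 53 -j DROP
-A PVEFW-Reject -p udp -m udp --sport 53 -j DROP
-A PVEFW-Reject -p udp -m udp --dport 53 -j DROP
EOF
}

# Run against the constructed sample; on a live host pipe `iptables -S` instead.
sample_rules | find_dns_drops
```

Knowing the chain is what matters here: an ACCEPT rule only wins over one of these DROP rules if the packet reaches the ACCEPT first, so the next thing to check is where each reported chain is jumped to from.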