PVE Firewall - GEOIP &/or ASN

K

KatyComputer

Well-Known Member
Sep 26, 2019
195
16
58
62
St Louis
katycomputer.com
Has anyone found a clever way to integrate GEOIP &/or ASN rules into PVE's firewall?

We have implemented 2FA on all systems, we restrict access to sensitive systems based on IP address, next, I want to restrict all remaining systems to networks within our metropolitan region.
 
KatyComputer said:
Has anyone found a clever way to integrate GEOIP &/or ASN rules into PVE's firewall?
Click to expand...
You could define IPSETs and update them through the API. But those rules might get big and slow down the sync to the other nodes (or even fail if the DB doesn't fit into memory anymore).
https://pve.proxmox.com/pve-docs/api-viewer/index.html

Another (maybe better) approach would be the let some IDS/IPS handle this kind of dynamic filtering.
https://pve.proxmox.com/pve-docs/chapter-pve-firewall.html#_tips_and_tricks
 
  • Like
Reactions: Stoiko Ivanov
You must log in or register to reply here.
Top Bottom