PVE Firewall - GEOIP &/or ASN

K

KatyComputer

Well-Known Member
Sep 26, 2019
193
16
58
61
St Louis
katycomputer.com
Has anyone found a clever way to integrate GEOIP &/or ASN rules into PVE's firewall?

We have implemented 2FA on all systems, we restrict access to sensitive systems based on IP address, next, I want to restrict all remaining systems to networks within our metropolitan region.
 
KatyComputer said:
Has anyone found a clever way to integrate GEOIP &/or ASN rules into PVE's firewall?
Click to expand...
You could define IPSETs and update them through the API. But those rules might get big and slow down the sync to the other nodes (or even fail if the DB doesn't fit into memory anymore).
https://pve.proxmox.com/pve-docs/api-viewer/index.html

Another (maybe better) approach would be the let some IDS/IPS handle this kind of dynamic filtering.
https://pve.proxmox.com/pve-docs/chapter-pve-firewall.html#_tips_and_tricks
 
  • Like
Reactions: Stoiko Ivanov
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom