PVE-Firewall - logs missing

H

hac3ru

Member
Mar 6, 2021
42
0
11
32
Hello,

I am running a PVE 8.2.2 cluster on three nodes. I've enabled the firewall at the datacenter level, on each host and at VM level. The rules seems to be working fine. The only thing that I'm not seeing is any logs. I have even tried to enable the log_level_in and log_level_out to debug, in hoping of getting some logs. No luck...

Output of `pveversion -v`:
Bash: 
# pveversion -v
proxmox-ve: 8.2.0 (running kernel: 6.8.4-3-pve)
pve-manager: 8.2.2 (running version: 8.2.2/9355359cd7afbae4)
proxmox-kernel-helper: 8.1.0
pve-kernel-5.15: 7.4-4
proxmox-kernel-6.8: 6.8.4-3
proxmox-kernel-6.8.4-3-pve-signed: 6.8.4-3
proxmox-kernel-6.8.4-2-pve-signed: 6.8.4-2
proxmox-kernel-6.5.13-5-pve-signed: 6.5.13-5
proxmox-kernel-6.5: 6.5.13-5
pve-kernel-5.15.108-1-pve: 5.15.108-1
pve-kernel-5.15.30-2-pve: 5.15.30-3
ceph-fuse: 16.2.11+ds-2
corosync: 3.1.7-pve3
criu: 3.17.1-2
glusterfs-client: 10.3-5
ifupdown2: 3.2.0-1+pmx8
ksm-control-daemon: 1.5-1
libjs-extjs: 7.0.0-4
libknet1: 1.28-pve1
libproxmox-acme-perl: 1.5.1
libproxmox-backup-qemu0: 1.4.1
libproxmox-rs-perl: 0.3.3
libpve-access-control: 8.1.4
libpve-apiclient-perl: 3.3.2
libpve-cluster-api-perl: 8.0.6
libpve-cluster-perl: 8.0.6
libpve-common-perl: 8.2.1
libpve-guest-common-perl: 5.1.1
libpve-http-server-perl: 5.1.0
libpve-network-perl: 0.9.8
libpve-rs-perl: 0.8.8
libpve-storage-perl: 8.2.1
libspice-server1: 0.15.1-1
lvm2: 2.03.16-2
lxc-pve: 6.0.0-1
lxcfs: 6.0.0-pve2
novnc-pve: 1.4.0-3
proxmox-backup-client: 3.2.2-1
proxmox-backup-file-restore: 3.2.2-1
proxmox-kernel-helper: 8.1.0
proxmox-mail-forward: 0.2.3
proxmox-mini-journalreader: 1.4.0
proxmox-offline-mirror-helper: 0.6.6
proxmox-widget-toolkit: 4.2.3
pve-cluster: 8.0.6
pve-container: 5.1.10
pve-docs: 8.2.2
pve-edk2-firmware: 4.2023.08-4
pve-esxi-import-tools: 0.7.0
pve-firewall: 5.0.7
pve-firmware: 3.11-1
pve-ha-manager: 4.0.4
pve-i18n: 3.2.2
pve-qemu-kvm: 8.1.5-6
pve-xtermjs: 5.3.0-3
qemu-server: 8.2.1
smartmontools: 7.3-pve1
spiceterm: 3.3.0
swtpm: 0.8.0+pve1
vncterm: 1.8.0
zfsutils-linux: 2.2.3-pve2

The firewall "rules" are just to test this, right now:
Code: 
[OPTIONS]

ndp: 0
enable: 1
policy_in: ACCEPT
log_level_out: debug
macfilter: 0
log_level_in: debug

[RULES]

OUT ACCEPT -log debug
IN ACCEPT -log debug
I just noticed this, so I can't say when it started happening. I have had quite a few VMs that had firewall rules that were logging stuff but now, none of them seem to be showing any logs.... :(

Also tried to restart pve-firewall, to no avail.

Any help would be greatly appreciated.
 
Last edited:
Can you post the output of the following command?

Code: 
systemctl status pvefw-logger pve-firewall
 
@shanreich
Code: 
# systemctl status pvefw-logger pve-firewall
● pvefw-logger.service - Proxmox VE firewall logger
     Loaded: loaded (/lib/systemd/system/pvefw-logger.service; enabled; preset: enabled)
     Active: active (running) since Thu 2024-05-23 09:35:34 CEST; 1h 4min ago
    Process: 1403294 ExecStart=/usr/sbin/pvefw-logger (code=exited, status=0/SUCCESS)
   Main PID: 1403297 (pvefw-logger)
      Tasks: 2 (limit: 618676)
     Memory: 392.0K
        CPU: 196ms
     CGroup: /system.slice/pvefw-logger.service
             └─1403297 /usr/sbin/pvefw-logger

May 23 09:35:34 CS02 systemd[1]: Starting pvefw-logger.service - Proxmox VE firewall logger...
May 23 09:35:34 CS02 pvefw-logger[1403297]: starting pvefw logger
May 23 09:35:34 CS02 systemd[1]: Started pvefw-logger.service - Proxmox VE firewall logger.

● pve-firewall.service - Proxmox VE firewall
     Loaded: loaded (/lib/systemd/system/pve-firewall.service; enabled; preset: enabled)
     Active: active (running) since Thu 2024-05-23 09:35:34 CEST; 1h 4min ago
    Process: 1402735 ExecStartPre=/usr/bin/update-alternatives --set ebtables /usr/sbin/ebtables-legacy (code=exited, status=0/SUCCESS)
    Process: 1402738 ExecStartPre=/usr/bin/update-alternatives --set iptables /usr/sbin/iptables-legacy (code=exited, status=0/SUCCESS)
    Process: 1402739 ExecStartPre=/usr/bin/update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy (code=exited, status=0/SUCCESS)
    Process: 1402740 ExecStart=/usr/sbin/pve-firewall start (code=exited, status=0/SUCCESS)
   Main PID: 1403134 (pve-firewall)
      Tasks: 1 (limit: 618676)
     Memory: 95.6M
        CPU: 59.570s
     CGroup: /system.slice/pve-firewall.service
             └─1403134 pve-firewall

May 23 09:35:33 CS02 systemd[1]: Starting pve-firewall.service - Proxmox VE firewall...
May 23 09:35:34 CS02 pve-firewall[1403134]: starting server
May 23 09:35:34 CS02 systemd[1]: Started pve-firewall.service - Proxmox VE firewall.

This was run on the host that has the test VM.
 
It seems I was talking too early. VMs that had the firewall enabled are obeying the rules but I just enabled the firewall on a VM and for some reason, it's not working.
Code: 
[OPTIONS]

ndp: 0
enable: 1
policy_in: DROP
policy_out: DROP
log_level_out: debug
macfilter: 0
log_level_in: debug

[RULES]

OUT DROP -log debug
IN DROP -log debug
As I said before, the firewall is enabled at the datacenter level, hosts and this VM, but the firewall is not working....
 
hac3ru said:
It seems I was talking too early. VMs that had the firewall enabled are obeying the rules but I just enabled the firewall on a VM and for some reason, it's not working.
Click to expand...

How are you testing / verifying this? If the connection was established beforehand then conntrack might be the culprit.
 
@shanreich I'm pinging an IP (any IP) and it shouldn't work, but it does.
I just tried to ping 1.1.1.1, 8.8.8.8, test.com, whatever. Everything work.... :(
 
Can you post the output of the following command?

Code: 
iptables-save -c

Can you post the ID and configuration of the VM that you use for testing?

Code: 
qm config <vmid>
 
Code: 
# iptables-save -c
# Generated by iptables-save v1.8.9 on Mon May 27 10:32:59 2024
*raw
:PREROUTING ACCEPT [4648464025:6981497490610]
:OUTPUT ACCEPT [1357978564:5659521142023]
COMMIT
# Completed on Mon May 27 10:32:59 2024
# Generated by iptables-save v1.8.9 on Mon May 27 10:32:59 2024
*filter
:INPUT ACCEPT [3491:206974]
:FORWARD ACCEPT [39099:4036069]
:OUTPUT ACCEPT [4771:288404]
:GROUP-management-proxmox-IN - [0:0]
:GROUP-management-proxmox-OUT - [0:0]
:PVEFW-Drop - [0:0]
:PVEFW-DropBroadcast - [0:0]
:PVEFW-FORWARD - [0:0]
:PVEFW-FWBR-IN - [0:0]
:PVEFW-FWBR-OUT - [0:0]
:PVEFW-HOST-IN - [0:0]
:PVEFW-HOST-OUT - [0:0]
:PVEFW-INPUT - [0:0]
:PVEFW-OUTPUT - [0:0]
:PVEFW-Reject - [0:0]
:PVEFW-SET-ACCEPT-MARK - [0:0]
:PVEFW-logflags - [0:0]
:PVEFW-reject - [0:0]
:PVEFW-smurflog - [0:0]
:PVEFW-smurfs - [0:0]
:PVEFW-tcpflags - [0:0]
[1809499:3454938882] -A INPUT -j PVEFW-INPUT
[241218:117275157] -A FORWARD -j PVEFW-FORWARD
[2020034:8076593111] -A OUTPUT -j PVEFW-OUTPUT
[3888:270695] -A GROUP-management-proxmox-IN -j MARK --set-xmark 0x0/0x80000000
[0:0] -A GROUP-management-proxmox-IN -p tcp -m set --match-set PVEFW-0-proxmox-nodes-v4 src -m tcp --dport 60000:6005                                                                                                                        0 -g PVEFW-SET-ACCEPT-MARK
[0:0] -A GROUP-management-proxmox-IN -p udp -m set --match-set PVEFW-0-proxmox-nodes-v4 src -m udp --dport 5405:5412                                                                                                                         -g PVEFW-SET-ACCEPT-MARK
[0:0] -A GROUP-management-proxmox-IN -p udp -m set --match-set PVEFW-0-proxmox-nodes-v4 src -m udp --dport 111 -g PVE                                                                                                                        FW-SET-ACCEPT-MARK
[0:0] -A GROUP-management-proxmox-IN -p tcp -m set --match-set PVEFW-0-management-v4 src -m tcp --dport 3128 -g PVEFW                                                                                                                        -SET-ACCEPT-MARK
[0:0] -A GROUP-management-proxmox-IN -s <gateway IP>/32 -p tcp -m tcp --dport 5900:5999 -g PVEFW-SET-ACCEPT-MARK
[0:0] -A GROUP-management-proxmox-IN -s <gateway IP>/32 -p tcp -m tcp --dport 8006 -g PVEFW-SET-ACCEPT-MARK
[0:0] -A GROUP-management-proxmox-IN -s <gateway IP>/32 -p tcp -m tcp --dport 22 -g PVEFW-SET-ACCEPT-MARK
[0:0] -A GROUP-management-proxmox-IN -p tcp -m set --match-set PVEFW-0-proxmox-nodes-v4 src -m tcp --dport 22 -g PVEF                                                                                                                        W-SET-ACCEPT-MARK
[2:168] -A GROUP-management-proxmox-IN -p icmp -g PVEFW-SET-ACCEPT-MARK
[3886:270527] -A GROUP-management-proxmox-IN -m comment --comment "PVESIG:xhSM5C+pCVzUdMMv0C7rkNPeRzY"
[4771:288404] -A GROUP-management-proxmox-OUT -j MARK --set-xmark 0x0/0x80000000
[4771:288404] -A GROUP-management-proxmox-OUT -g PVEFW-SET-ACCEPT-MARK
[0:0] -A GROUP-management-proxmox-OUT -m comment --comment "PVESIG:JsjeXu5Q0EaESW6csgeOpVj9KFw"
[397:63721] -A PVEFW-Drop -j PVEFW-DropBroadcast
[0:0] -A PVEFW-Drop -p icmp -m icmp --icmp-type 3/4 -j ACCEPT
[0:0] -A PVEFW-Drop -p icmp -m icmp --icmp-type 11 -j ACCEPT
[0:0] -A PVEFW-Drop -m conntrack --ctstate INVALID -j DROP
[0:0] -A PVEFW-Drop -p udp -m multiport --dports 135,445 -j DROP
[0:0] -A PVEFW-Drop -p udp -m udp --dport 137:139 -j DROP
[0:0] -A PVEFW-Drop -p udp -m udp --sport 137 --dport 1024:65535 -j DROP
[0:0] -A PVEFW-Drop -p tcp -m multiport --dports 135,139,445 -j DROP
[0:0] -A PVEFW-Drop -p udp -m udp --dport 1900 -j DROP
[0:0] -A PVEFW-Drop -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
[0:0] -A PVEFW-Drop -p udp -m udp --sport 53 -j DROP
[0:0] -A PVEFW-Drop -m comment --comment "PVESIG:83WlR/a4wLbmURFqMQT3uJSgIG8"
[397:63721] -A PVEFW-DropBroadcast -m addrtype --dst-type BROADCAST -j DROP
[0:0] -A PVEFW-DropBroadcast -m addrtype --dst-type MULTICAST -j DROP
[0:0] -A PVEFW-DropBroadcast -m addrtype --dst-type ANYCAST -j DROP
[0:0] -A PVEFW-DropBroadcast -d 224.0.0.0/4 -j DROP
[0:0] -A PVEFW-DropBroadcast -m comment --comment "PVESIG:NyjHNAtFbkH7WGLamPpdVnxHy4w"
[1:40] -A PVEFW-FORWARD -m conntrack --ctstate INVALID -j DROP
[202118:113239048] -A PVEFW-FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[0:0] -A PVEFW-FORWARD -m physdev --physdev-in fwln+ --physdev-is-bridged -j PVEFW-FWBR-IN
[0:0] -A PVEFW-FORWARD -m physdev --physdev-out fwln+ --physdev-is-bridged -j PVEFW-FWBR-OUT
[39099:4036069] -A PVEFW-FORWARD -m comment --comment "PVESIG:qnNexOcGa+y+jebd4dAUqFSp5nw"
[0:0] -A PVEFW-FWBR-IN -m conntrack --ctstate INVALID,NEW -j PVEFW-smurfs
[0:0] -A PVEFW-FWBR-IN -m comment --comment "PVESIG:Ijl7/xz0DD7LF91MlLCz0ybZBE0"
[0:0] -A PVEFW-FWBR-OUT -m comment --comment "PVESIG:2jmj7l5rSw0yVb/vlWAYkK/YBwk"
[17193:5322587] -A PVEFW-HOST-IN -i lo -j ACCEPT
[30:1560] -A PVEFW-HOST-IN -m conntrack --ctstate INVALID -j DROP
[1788388:3449344040] -A PVEFW-HOST-IN -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[3888:270695] -A PVEFW-HOST-IN -m conntrack --ctstate INVALID,NEW -j PVEFW-smurfs
[0:0] -A PVEFW-HOST-IN -p igmp -j RETURN
[3888:270695] -A PVEFW-HOST-IN -j GROUP-management-proxmox-IN
[2:168] -A PVEFW-HOST-IN -m mark --mark 0x80000000/0x80000000 -j RETURN
[3488:206754] -A PVEFW-HOST-IN -p tcp -m set --match-set PVEFW-0-management-v4 src -m tcp --dport 8006 -j RETURN
[0:0] -A PVEFW-HOST-IN -p tcp -m set --match-set PVEFW-0-management-v4 src -m tcp --dport 5900:5999 -j RETURN
[0:0] -A PVEFW-HOST-IN -p tcp -m set --match-set PVEFW-0-management-v4 src -m tcp --dport 3128 -j RETURN
[1:52] -A PVEFW-HOST-IN -p tcp -m set --match-set PVEFW-0-management-v4 src -m tcp --dport 22 -j RETURN
[0:0] -A PVEFW-HOST-IN -p tcp -m set --match-set PVEFW-0-management-v4 src -m tcp --dport 60000:60050 -j RETURN
[0:0] -A PVEFW-HOST-IN -s <Node 2 IP>/32 -d <Node 1 IP>/32 -p udp -m udp --dport 5404:5405 -j RETURN
[0:0] -A PVEFW-HOST-IN -s <Node 3 IP>/32 -d <Node 1 IP>/32 -p udp -m udp --dport 5404:5405 -j RETURN
[397:63721] -A PVEFW-HOST-IN -j PVEFW-Drop
[0:0] -A PVEFW-HOST-IN -j DROP
[0:0] -A PVEFW-HOST-IN -m comment --comment "PVESIG:lotZsnNKfFA+RY6qmbZ08OWQShU"
[17193:5322587] -A PVEFW-HOST-OUT -o lo -j ACCEPT
[27:1404] -A PVEFW-HOST-OUT -m conntrack --ctstate INVALID -j DROP
[1998043:8070980716] -A PVEFW-HOST-OUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[0:0] -A PVEFW-HOST-OUT -p igmp -j RETURN
[4771:288404] -A PVEFW-HOST-OUT -j GROUP-management-proxmox-OUT
[4771:288404] -A PVEFW-HOST-OUT -m mark --mark 0x80000000/0x80000000 -j RETURN
[0:0] -A PVEFW-HOST-OUT -d <Management network>/24 -p tcp -m tcp --dport 8006 -j RETURN
[0:0] -A PVEFW-HOST-OUT -d <Management network>/24 -p tcp -m tcp --dport 22 -j RETURN
[0:0] -A PVEFW-HOST-OUT -d <Management network>/24 -p tcp -m tcp --dport 5900:5999 -j RETURN
[0:0] -A PVEFW-HOST-OUT -d <Management network>/24 -p tcp -m tcp --dport 3128 -j RETURN
[0:0] -A PVEFW-HOST-OUT -s <Node 1 IP>/32 -d <Node 2 IP>/32 -p udp -m udp --dport 5404:5405 -j RETURN
[0:0] -A PVEFW-HOST-OUT -s <Node 1 IP>/32 -d <Node 3 IP>/32 -p udp -m udp --dport 5404:5405 -j RETURN
[0:0] -A PVEFW-HOST-OUT -j RETURN
[0:0] -A PVEFW-HOST-OUT -m comment --comment "PVESIG:MmYdg4/YFXWMiXyxCxnNFTPaUsY"
[1809499:3454938882] -A PVEFW-INPUT -j PVEFW-HOST-IN
[3491:206974] -A PVEFW-INPUT -m comment --comment "PVESIG:+5iMmLaxKXynOB/+5xibfx7WhFk"
[2020034:8076593111] -A PVEFW-OUTPUT -j PVEFW-HOST-OUT
[4771:288404] -A PVEFW-OUTPUT -m comment --comment "PVESIG:LjHoZeSSiWAG3+2ZAyL/xuEehd0"
[0:0] -A PVEFW-Reject -j PVEFW-DropBroadcast
[0:0] -A PVEFW-Reject -p icmp -m icmp --icmp-type 3/4 -j ACCEPT
[0:0] -A PVEFW-Reject -p icmp -m icmp --icmp-type 11 -j ACCEPT
[0:0] -A PVEFW-Reject -m conntrack --ctstate INVALID -j DROP
[0:0] -A PVEFW-Reject -p udp -m multiport --dports 135,445 -j PVEFW-reject
[0:0] -A PVEFW-Reject -p udp -m udp --dport 137:139 -j PVEFW-reject
[0:0] -A PVEFW-Reject -p udp -m udp --sport 137 --dport 1024:65535 -j PVEFW-reject
[0:0] -A PVEFW-Reject -p tcp -m multiport --dports 135,139,445 -j PVEFW-reject
[0:0] -A PVEFW-Reject -p udp -m udp --dport 1900 -j DROP
[0:0] -A PVEFW-Reject -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
[0:0] -A PVEFW-Reject -p udp -m udp --sport 53 -j DROP
[0:0] -A PVEFW-Reject -m comment --comment "PVESIG:h3DyALVslgH5hutETfixGP08w7c"
[4773:288572] -A PVEFW-SET-ACCEPT-MARK -j MARK --set-xmark 0x80000000/0x80000000
[4773:288572] -A PVEFW-SET-ACCEPT-MARK -m comment --comment "PVESIG:Hg/OIgIwJChBUcWU8Xnjhdd2jUY"
[0:0] -A PVEFW-logflags -j DROP
[0:0] -A PVEFW-logflags -m comment --comment "PVESIG:MN4PH1oPZeABMuWr64RrygPfW7A"
[0:0] -A PVEFW-reject -m addrtype --dst-type BROADCAST -j DROP
[0:0] -A PVEFW-reject -s 224.0.0.0/4 -j DROP
[0:0] -A PVEFW-reject -p icmp -j DROP
[0:0] -A PVEFW-reject -p tcp -j REJECT --reject-with tcp-reset
[0:0] -A PVEFW-reject -p udp -j REJECT --reject-with icmp-port-unreachable
[0:0] -A PVEFW-reject -p icmp -j REJECT --reject-with icmp-host-unreachable
[0:0] -A PVEFW-reject -j REJECT --reject-with icmp-host-prohibited
[0:0] -A PVEFW-reject -m comment --comment "PVESIG:Jlkrtle1mDdtxDeI9QaDSL++Npc"
[0:0] -A PVEFW-smurflog -j DROP
[0:0] -A PVEFW-smurflog -m comment --comment "PVESIG:2gfT1VMkfr0JL6OccRXTGXo+1qk"
[81:16227] -A PVEFW-smurfs -s 0.0.0.0/32 -j RETURN
[0:0] -A PVEFW-smurfs -m addrtype --src-type BROADCAST -g PVEFW-smurflog
[0:0] -A PVEFW-smurfs -s 224.0.0.0/4 -g PVEFW-smurflog
[3807:254468] -A PVEFW-smurfs -m comment --comment "PVESIG:HssVe5QCBXd5mc9kC88749+7fag"
[0:0] -A PVEFW-tcpflags -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -g PVEFW-logflags
[0:0] -A PVEFW-tcpflags -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -g PVEFW-logflags
[0:0] -A PVEFW-tcpflags -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -g PVEFW-logflags
[0:0] -A PVEFW-tcpflags -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -g PVEFW-logflags
[0:0] -A PVEFW-tcpflags -p tcp -m tcp --sport 0 --tcp-flags FIN,SYN,RST,ACK SYN -g PVEFW-logflags
[0:0] -A PVEFW-tcpflags -m comment --comment "PVESIG:CMFojwNPqllyqD67NeI5m+bP5mo"
COMMIT
# Completed on Mon May 27 10:32:59 2024
I edited out the IPs, but I think that's not an issue

Code: 
# qm config 121
agent: 1
balloon: 0
boot: order=scsi0;net0
cipassword: **********
ciupgrade: 0
ciuser: ubuntu
cores: 2
description: Created from template
ide0: NAS01:vm-121-cloudinit,media=cdrom,size=4M
ipconfig0: ip=172.16.254.6/29,gw=172.16.254.1
memory: 4096
meta: creation-qemu=6.1.0,ctime=1644904994
name: develop-VM
nameserver: 172.16.254.1 172.16.254.2 172.16.254.3
net0: virtio=26:FB:45:FA:41:29,bridge=vmbr1,tag=300
numa: 0
onboot: 1
ostype: l26
protection: 1
scsi0: NAS01:vm-121-disk-0,aio=threads,size=15G
scsihw: virtio-scsi-pci
smbios1: uuid=9f22e212-8020-4806-a9ae-a9e0176ecca8
sockets: 1
startup: order=3100
tags: Develop;HA
vmgenid: fc5e5220-4a6c-42ee-a01d-904ad312041f

Thank you!
 
shanreich said:
Seems like the Firewall Option is not enabled for the NIC, so the firewall cannot work.
Click to expand...
I completely forgot that it also needs to be enabled on the NIC! You're right!

I just enabled the firewall on the NIC and it works, and this also has logs on it. The other VM's still not logging anything :(
 
hac3ru said:
The other VM's still not logging anything
Click to expand...
Is the firewall enabled there as well? The iptables output didn't show any rules for any VM, so I'd assume you need to enable it there as well.
 
shanreich said:
Is the firewall enabled there as well? The iptables output didn't show any rules for any VM, so I'd assume you need to enable it there as well.
Click to expand...
It is, 100%. I just checked it again:
1716800557036.png
I don't know, I guess I'll try a reboot of the VM and of the hosts at the next maintenance window and see if that fixes it...
The funny thing: firewall works properly on this machine (it would have on the other too, if I would have enabled the firewall at the NIC level). So the rules are there and do their job, but I can't see any logs.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back