Hi all,
Unfortunately, not yet upgraded, currently on a pve 6.4.1 trying to set up the firewall.
We've defined a cluster.fw (no other firewall rules files under /etc/pve/firewall) containing :
- a bunch of ALIASES (names in uppercase),
my_subnet 10.10.10.0/24 # subnet CIDR notation
my_XYZ_host 10.10.10.10 #specific IP
- IPSETS (referring to the aliases in lowercase)
- rules containing 3 groups
- each rule group containing entries like
IN ACCEPT -source my_xyz -dest my_subnet -p tcp -port 8006 log info
IN SSH(ACCEPT) -source my_xyz -dest my_subnet -log info
When pve-firewall compile all is good.
When pve-firewall simulate --from 10.10.10.10 --dest 10.10.10.221
we get :
test packet:
from : outside
to: host
source : 10.10.10.10
dest 10.10.10.221
no such chain 'PVEFW-INT' at /usr/share/perl5/PVE/FirewallSimulator.pm line 286
Has anyone encountered this issue?
Prior to setting up the firewall with the default input policy set to DROP, I'd rather have the policies not cut the end user off from admin access to the pveproxy admin UI or SSH at the bare minimum.
The simulator showing a simulator error does not inspire confidence.
Looking forward to some suggestions.
Best regards