restrict outside access to tthe machine to only 1 port/service and speific ips?

[YBEY]

Hey guys.
Even though im CCNA, cant seem to figure out the proxmox firewall config..

Scenario.
my main host ip is 11.11.11.11
and the Nessus machine is set to Bridge and receives the public IP address 22.22.22.22
So if i type https:/22.22.22.22:8834/#/ from anywhere in the world i can access it - that is BAD.

i want to allow access to several specific IP's, and only in port 8834, the rest i want to be blocked to everyone.
obviously i only want to restrict access from outside, the machine itself still needs to have the ability to access the iinternet .
can i get any help with this please?
thank you!

ps: even if i have zero rules in every "firewall" tab, when i type in "pve-firewall status" i get: "ip6tables-save v1.4.14: Cannot initialize: Address family not supported by protocol"

 

[alen]

Hi YBEY.

You can easily configure your firewall rules:

- Enable the firewall on the Datacenter and the Host level by using both firewall tabs, setting the Enable Firewall option to "Yes".

- Set the needed rules, by selecting the bottom Rules tab and then Add (Rule). Here you can set the needed options (direction, source IP, destination IP, ports, ...).

There are several ways/levels to create rules, which means you can add them on the Datacenter level (e.g. setting your host IP as the destination), or directly on the Host level by setting (in this case) only the source IP and needed ports, or whatever you like to allow/restrict.

Be aware that the Datacenter default Input policy is set to DROP and Output policy set to ACCEPT, so if you (also) want to restrict the flow of the output packets, change the Output policy and add additional rules.