Security group doesn't apply on network bridge and vps?

openaspace

Active Member
Sep 16, 2019
486
11
38
Italy
Hello,
I have some vps in the same private lan of my office where the router doesn't support VLAN and DMZ.

Therefore to isolate each container from privates hosts on the lan I apply this rules, where it can communicate only with the gateway and not with the entire lan subnet.

It just works but if I create a security group with this rules at dataceneter level to add easy on any new vps/lxc on directly on the dedicated network vps bridge it doesn't work and the rules are not applied.

It the wrong way to works with security group? I neee to works in another way?
Is the best for me if I can apply rules directly on the bridge for all inside vps/lcx or as single click on each vps/lxc

OUT ACCEPT -dest dc/ip-gateway -log nolog
OUT ACCEPT -dest nginx-stream -log info
OUT DROP -dest dc/subent-lan -log nolog

Where I'm wrong?



FULL FIREWALL LXC RULES
Code:
[OPTIONS]

log_level_in: info
ips: 1
policy_out: DROP
ipfilter: 0
enable: 1
radv: 1
ips_queues: 0
dhcp: 1

[RULES]

OUT ACCEPT -dest dc/ip-gateway -log nolog
OUT ACCEPT -dest nginx-stream -log info
OUT DROP -dest dc/subent-lan -log nolog
GROUP in_http_https
IN ACCEPT -source subnet-lan -p tcp -dport 81 -log info
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!