Simple CIDR blocking .... usage question

[petesky]

Hi ! I would block some CIDR ranges from external. Therefore i activated firewall but i assume there is something misconfigured.

Datacenter > ENABLED (default policy ALLOW / ALLOW ) but i have also 2 rules in / out ACCEPT (as i had problems before reaching my server)
PVE -> ENABLED also 2 rules in / out ACCEPT same as Datacenter
VE -> ENABLED also 2 rules in / out ACCEPT same as PVE but DROP for IPSET BAN list.

Problem - IP in ban is not being blocke ? I assume the accept rules are wrong ?

 

[petesky]

Removed the 2 rules in / out ACCEPT but still not blocking the BAN IPSET on VE. So what exactly do i have to tick ? Only Firewall or IP FIlter also YES ?

 

[petesky]

Ups ok ... seems i understand now the problem as the VE has it own ip and own firewall. I Thought i can block the incoming bridge traffic ... maybe ?!