[SOLVED] Firewall blacklist setting

Kordian

Mar 31, 2018
Hello,
The wiki page states that the only thing to do in order to implement a blacklist of IPs is to enter:
[IPSET blacklist]
77.240.159.182
213.87.123.0/24
into cluster.fw and that is all.
However, doing so results in a new ipset with the name IPSET blacklist being created in the GUI. What is missing in the GUI is the setting telling what to do with the blacklist.
So, do I have to create the rule in the options, or is the creation of an ipset with the name "blacklist" enough and the system will somehow automatically recognize it should block all those IPs?
PS: Only a few days ago the same wiki page stated that the ipset should be named "blacklist". Today it is "IPSET blacklist".
Thank you in advance for clarification.
 
hi,

yes, just activate the firewall and add
Code:
[IPSET blacklist]
1.2.3.4

with the IP addresses you want to block in /etc/pve/firewall/cluster.fw. afterwards you can run pve-firewall compile && pve-firewall restart

to check if it's added correctly: ipset list PVEFW-0-blacklist-v4 (if you just run ipset list you will find the names of the sets)

also iptables -xvL | grep blacklist should show it
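
An offline pre-check for the blacklist described in this thread, added here as an example (not code from the thread or from Proxmox): it parses cluster.fw text, confirms that the firewall is enabled under [OPTIONS], validates each [IPSET blacklist] entry and splits the entries by address family, as the per-family set name PVEFW-0-blacklist-v4 suggests. The sample file, the function names, the keep_reachable parameter and the handling of "#" comments are assumptions of this example.

```python
import ipaddress

# Constructed sample of /etc/pve/firewall/cluster.fw (not taken from a real host).
SAMPLE = """\
[OPTIONS]
enable: 1

[IPSET blacklist]
77.240.159.182
213.87.123.0/24 # constructed comment
2001:db8::/32
213.87.123.300
"""

def sections(text):
    """Split firewall config text into {lowercased section header: [lines]}."""
    out, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = " ".join(line[1:-1].split()).lower()
            out[current] = []
        elif current is not None:
            out[current].append(line)
    return out

def check_blacklist(text, keep_reachable=()):
    """Report on the [IPSET blacklist] section of cluster.fw text."""
    secs = sections(text)
    opts = [l.replace(" ", "") for l in secs.get("options", [])]
    report = {"enabled": "enable:1" in opts,   # blacklist only acts if the firewall is on
              "v4": [], "v6": [], "invalid": [], "lockout": []}
    for entry in secs.get("ipset blacklist", []):
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            report["invalid"].append(entry)    # typo or malformed address
            continue
        report["v4" if net.version == 4 else "v6"].append(str(net))
        # Flag entries that would block an address you must keep reachable.
        for addr in keep_reachable:
            if ipaddress.ip_address(addr) in net:
                report["lockout"].append((entry, addr))
    return report
```

Pass your own management address in keep_reachable before running pve-firewall compile, so a broad CIDR entry that covers it shows up in the report first.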
 
great!

you can mark the thread as [SOLVED] so others know what to expect!
 
top right you will see the three dots. click there and choose "edit thread" and add the [SOLVED] prefix there