Suricata IPS integration

[Maher Khalil]

Hello
I would like to use Suricata IPS integration
My question is do I need to activate proxmox firewall on the data-center level or only on the VMs level?

 

[Dunuin]

You always need to enable the PVE firewall on the datacenter level. If the datacenter level firewall is disabled all node/guest firewall rules won't be active.

 

[Maher Khalil]

I am afraid to activate datacenter firewall then I get blocked
so any advice what rule to add in datacenter level then accept everything?

 

[Dunuin]

PVE got hidden anti lockout rules by default. See here: https://pve.proxmox.com/wiki/Firewall#pve_firewall_default_rules

 

[Maher Khalil]

What I want to do is to block some IPs at datacenter lever, so I will make input policy at firewall datacenter, node and each VM level accept, I will not create any other rule then The I will create rule at datacenter level for each IP i want to block
my goal not to stop any traffic for VMs
I will also install Suricata for intrusion
any advice for my installation?
I have also fail2ban. should I stop it before Suricata install (I expect Suricata is enough)