Suricata IPS integration

Maher Khalil

Member
Jul 11, 2021
149
5
18
41
Hello
I would like to use Suricata IPS integration
My question is do I need to activate proxmox firewall on the data-center level or only on the VMs level?
 

Dunuin

Famous Member
Jun 30, 2020
7,301
1,763
149
Germany
You always need to enable the PVE firewall on the datacenter level. If the datacenter level firewall is disabled all node/guest firewall rules won't be active.
 

Maher Khalil

Member
Jul 11, 2021
149
5
18
41
I am afraid to activate datacenter firewall then I get blocked
so any advice what rule to add in datacenter level then accept everything?
 

Maher Khalil

Member
Jul 11, 2021
149
5
18
41
What I want to do is to block some IPs at datacenter lever, so I will make input policy at firewall datacenter, node and each VM level accept, I will not create any other rule then The I will create rule at datacenter level for each IP i want to block
my goal not to stop any traffic for VMs
I will also install Suricata for intrusion
any advice for my installation?
I have also fail2ban. should I stop it before Suricata install (I expect Suricata is enough)
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!