Try to understand Proxmox Firewall and IP per MAC

[FcbInfo]

Hi there,

I'm very confused about the new proxmox firewall.
I tried to read something about this, but didn't help.

When you enable firewall for cluster, have you enabled firewall for all virtual machines inside of it?
May I have firewall enabled for 1 VM but not for other VMs?

I tried to apply some rules in one of my VMs, but it shows to don't work. I tried to closed port 22 for VM XXX, but the port 22 still open.

Another question is...
Is possible with this new firewall, prevent IP stealing by MAC? If some user try to add an IP to a VM, works only if an administrator permit this IP to be used by this VM MAC address.

 

[kotakomputer]

I tried to apply some rules in one of my VMs, but it shows to don't work. I tried to closed port 22 for VM XXX, but the port 22 still open.

Make sure on both NODE and VM "Enable Firewall = Yes"

 

[Michael_Strobel]

Hi there,

I'm very confused about the new proxmox firewall.
I tried to read something about this, but didn't help.

When you enable firewall for cluster, have you enabled firewall for all virtual machines inside of it?
May I have firewall enabled for 1 VM but not for other VMs?

I tried to apply some rules in one of my VMs, but it shows to don't work. I tried to closed port 22 for VM XXX, but the port 22 still open.

Another question is...
Is possible with this new firewall, prevent IP stealing by MAC? If some user try to add an IP to a VM, works only if an administrator permit this IP to be used by this VM MAC address.

If you have direct access to your cluster and VM's why not just disable root login on each VM?? Proxmox firewall is pretty tricky to figure out especially if your using more than one IP. However it is definitely possible... Have you activated firewall on the VNIC? After i did that the first time all VM's where automatically dropping everything, and i had to set all the appropriate allow rules.