VM config for specific net# NIC macfilter=0 does not survive edits

akballow

Oct 29, 2024
Staging the problem.
Use case: I want to keep IP-address-based firewall enabled on a VM NIC, aka firewall=1, but since this NIC is running a VRRP virtual IP it uses spoofed MACs, so I need macfilter=0.

When I manually edit the VMID.conf file and append macfilter=0 to the NIC, everything works as expected. Kind of how I imagine it should, similar to if you want to specify VLAN trunks: the GUI does not offer it, so I thought this would work the same way.

Problem: any edit to the VMID.conf file, even something as simple as adding a tag, causes Proxmox to see that that line has an invalid value, which is true; you cannot run qm set VMID -net0 and change macfilter as an option.

So what happens is my VRRP VIP is working fine most of the time, but whenever something happens which causes the VMID.conf to be changed, I lose it, so it became this inotify task which would put back the net0 line the way I want, which is a super HACK way to get this working.



Ultimately,
Is there a better way to do this? Is the MAC Filter yes/no in the VM firewall options doing nothing? From what I gather, if firewall=1, L2 anti-MAC-spoofing is enabled, so I think this toggle is pointless unless you are not running the firewall in the first place. I already have it toggled as no. What can I do to allow MAC spoofing but keep NIC-specific firewall rules working?

Thank you
 