Hello,
I am not sure if I hit a bug, so I am trying to check it before submitting the bug.
I created a firewall for a VM and the outgoing filter in iptables looks like this:
Code:
Chain tap101i1-OUT (1 references)
pkts bytes target prot opt in out source destination
0 0 PVEFW-SET-ACCEPT-MARK udp -- * * 0.0.0.0/0 0.0.0.0/0 [goto] udp spt:68 dpt:67
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 MAC ! 22:00:C7:00:5F:D4
688 47286 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ! match-set PVEFW-101-ipfilter-net1-v4 src
20 1254 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK and 0x7fffffff
The problem is the "! match-set PVEFW-101-ipfilter-net1-v4 src": there isn't any such ipset, so all traffic is blocked. I can create the ipset, but I don't see in the documentation how to create it. It can be fixed by
Code:
[IPSET ipfilter-net1]
VMs own IP
in the 101.fw config file, but I don't see this setting in the GUI.
The pve-firewall version is 4.1-3; the system is freshly installed from the Proxmox no-subscription repo.
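
Added example, not part of the original post and not Proxmox code: a read-only check that lists every ipset referenced by a `match-set` rule and reports whether it is missing, empty or populated; an empty set behind a `! match-set ... src` DROP rule drops every source address. The function names are hypothetical, the `ipset save` text is constructed, and 192.0.2.10 is a placeholder address.

```shell
#!/bin/sh
# Added example: audit ipsets referenced by iptables match-set rules.
# Function names are hypothetical; nothing here modifies the firewall.

# Print each set name referenced via match-set in an iptables listing (stdin).
referenced_sets() {
    sed -n 's/.*match-set \([^ ]*\).*/\1/p' | sort -u
}

# set_state NAME SAVE_TEXT -> missing | empty | populated
# SAVE_TEXT is the text of `ipset save` ("create NAME ..." / "add NAME MEMBER").
set_state() {
    printf '%s\n' "$2" | awk -v s="$1" '
        $1 == "create" && $2 == s { found = 1 }
        $1 == "add"    && $2 == s { members++ }
        END {
            if (!found)        print "missing"
            else if (!members) print "empty"
            else               print "populated"
        }'
}

# audit RULES_TEXT SAVE_TEXT -> one "NAME STATE" line per referenced set
audit() {
    printf '%s\n' "$1" | referenced_sets | while read -r name; do
        printf '%s %s\n' "$name" "$(set_state "$name" "$2")"
    done
}

# Rule line copied from the chain listing in the post.
RULES='688 47286 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ! match-set PVEFW-101-ipfilter-net1-v4 src'

# Constructed `ipset save` text: the set exists but has no members.
SETS_EMPTY='create PVEFW-101-ipfilter-net1-v4 hash:net family inet hashsize 64 maxelem 64'

# Constructed: the same set once an address has been added (placeholder IP).
SETS_FIXED="$SETS_EMPTY
add PVEFW-101-ipfilter-net1-v4 192.0.2.10"

audit "$RULES" "$SETS_EMPTY"
audit "$RULES" "$SETS_FIXED"
```

On a host, the same check can be run against live state with `audit "$(iptables -L tap101i1-OUT -n -v)" "$(ipset save)"`.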