What firewall settings for a DHCP server?

oli9511

Feb 20, 2024
Hello,

I have a VM running as a DHCP server and I am trying to figure out the proper firewall settings to get it to work. At first, as for my other VMs, I set the INPUT and OUTPUT policy to REJECT with logging, and created appropriate ALLOW rules for DHCP. That did not work. The DHCP requests did not reach the VM and they were not logged.
After a look at the documentation, when using DROP and REJECT, broadcast packets are discarded without being logged, which is a bit surprising but would explain my observation.

So I changed the policies to ACCEPT and created rules at the beginning of the rule set to accept DHCP requests and responses, and rules at the end to reject what is not allowed by a rule, as fallback. It works... but even if I disable my rules at the beginning! So it looks like with the ALLOW policy, the DHCP traffic is allowed implicitly, and my rules do not matter.

This is confusing and the trials and errors are time-consuming. So I thought I would rather ask here: what would be the correct firewall settings for a DHCP server that would reject and log anything else?

I guess there is also a more general question about the handling of broadcast traffic in Proxmox. I did not find much information in the documentation, except this: https://pve.proxmox.com/pve-docs-7/...tml#_datacenter_incoming_outgoing_drop_reject
 