Why Firewall IS allowing Traffic even if there are no rules Configured?

[celtic3296]

Proxmox Firewall rules are cleared firewall is enabled but still Proxmox is allowing the traffic- What am I missing?

 

[shanreich]

There is a default ruleset that gets automatically created, see [1]

[1] https://pve.proxmox.com/pve-docs/pve-admin-guide.html#pve_firewall_default_rules

 

[celtic3296]

Thanks but Established Traffic can be allowed but proxmox is also allowing traffic from new IPs

 

[shanreich]

What traffic exactly? Which IP to which IP? Protocol? Ports?
How does the generated ruleset look like?

 

[shanreich]

That is part of the default ruleset [1]:

TCP traffic from management hosts to port 8006 in order to allow access to the web interface

You can check the generated management ipset via the command (those are the subnets where traffic to 8006 is allowed):

pve-firewall localnet

[1] https://pve.proxmox.com/pve-docs/pve-admin-guide.html#pve_firewall_default_rules

 

[celtic3296]

I only want to allow one IP i.e 192.168.1.55 for management- how do I achieve that?

 

[shanreich]

You can create an alias called local_network on the cluster-level that overrides this value, see [1]

[1] https://pve.proxmox.com/wiki/Firewall#pve_firewall_ip_aliases

 

[celtic3296]

There you have it- thanks Expert!!!!