greetings, I'm a user of classical KVM on Linux and have recently started to work with Proxmox on two nodes in my rack.
I have started to work with the firewall and I normally did a firewall on my hypervisor using /etc/network/interfaces calling /etc/network/firewall.sh which is a bash script of iptables. This would filter both forwarded traffic and traffic to the linux hypervisor. In proxmox things are a bit different (it's still iptables/ip6tables), and I'm attempting to use it the proxmox way by creating a security group and applying that to the VM and the hypervisor. I have a policy in iptables for forwared traffic below : iptables -t filter -A INPUT -j ACCEPT --in-interface $INET_IF --protocol \ icmp --icmp-type echo-request --match limit --limit 4/s --limit-burst 3 iptables -t filter -A INPUT -j log-and-drop --in-interface $INET_IF \ --protocol icmp --icmp-type echo-request I've attempted to set this up in the gui, but there's no option to add the ICMP type, only IP type, and nothing for the match option. If I add this in the config file, it's deleted upon the next time I look at it. I'm thinking surely there must be a way to include it, as blocking ICMP totally will break things. I've read the wiki and install guide, and can't really find any place to set this up at. Thanks, -- Bryan Fields 727-409-1194 - Voice http://bryanfields.net _______________________________________________ pve-user mailing list pve-user@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user