Proxmox Firewall Setup [Single NODE or CLUSTER]

Proxmox Firewall Setup [Single NODE or CLUSTER] | Proxmox Home Server Series

Рет қаралды 10,141

Күн бұрын

Everything works great with Proxmox Users ( • Create Proxmox USER + ... ) but we have a problem.
Anu user can use their VM or LXC to access my local network and if their account get compromised, someone can gain access to rest of my home lab services.
To stop that i will setup Proxmox Firewall and add specific rules to stop that from happening.
Proxmox Sandbox • Proxmox Sandbox and Da...
- Chapter
00:00 Intro
00:10 General understanding about Proxmox Firewall
01:04 Proxmox Firewall use case.
03:00 Proxmox Firewall Setup
14:04 Setting up Users Firewall Rules
18:06 The End Chat
#proxmox
#firewall
#homelab
#homeserver

Пікірлер: 19

@SamWhitlock 6 ай бұрын

This is a fantastic channel! Pure, useful info! I was just wandering around the forums trying to figure this out for myself (e.g. don't want VMs to be able to just reach out to the proxmox nodes' web interfaces themselves!), so I'm so glad I stumbled upon this!

@BMSwahn 7 ай бұрын

This is actually so useful. Just discovered your channel. You are a beast

@muhammadabidsaleem7048 Ай бұрын

Hi MRP We are running 4 node ceph cluster with PBS on another bare metal. We have configured simple zone in SDN as well. You explained the FW well. Thank you for your efforts. please shoot some videos on FW security groups and SDN with simple and vlan zones.

@tienvoxuan4954 7 ай бұрын

Thanks for sharing. A nice and clean video with a lot of useful information to me

@anthonydelagarde3990 7 ай бұрын

Thank you. Great video and tutorial.

@goodcitizen4587 3 ай бұрын

Very cool. I was wondering about this. I had them turned off, but you showed how to implement correctly. Thanks!

@andrevieira997 7 ай бұрын

Love your videos. Thank you for sharing your knowledge :) Hugs from Portugal!

@MRPtech 7 ай бұрын

Your Welcome. I hope video was helpful for you.

@HyuLilium 4 ай бұрын

I set output policy to drop everywhere, then defined 1st rule accept with destination gateway, 2nd rule drop with destination ALL local IPV4 addresses, third accept out anywhere else

@robbuurman1667 5 күн бұрын

Great video, thanks

@mtiken 7 ай бұрын

This is a great video. I am a very big fan of IPTABLES. Behind the scene it is the IPtables at work. This gives a very eassy way to write the rules. It would be good to see if we write the Iptables rules in the proxmos shell, will it refelect in the proxmos gui. Proxmos is really good. I remember in the late 90s we have this Webadmin for linux which is gui based configuration and now I see proxmox like that tool with hypervisor capability. Thanks again MRP. This is a great video.

@HyuLilium 4 ай бұрын

I don't get why out rules towards the internet are needed when the default policy for output was already ACCEPT under Datacenter, and also the individual LXC. Shouldn't it be turned to DROP for output rules to become necessary, otherwise everything out is accepted?

@smokedironmade8705 3 ай бұрын

Great video!! As a complement to this one can you please make one for setting up vlan? Thanks

@kristof9497 6 ай бұрын

Thanks.

@akostoth7654 3 ай бұрын

Great video, thank you very much. However, what I don't understand is that when I run the command 'nmap -sn' in the 'vm', it can still see the other devices on my local network. Does anyone know why?

@Crunch8111 3 ай бұрын

Hello Sir! May I ask you a question? Which rule do I have to add to the firewall to reject all traffic and connections to ipv6 adresses? When I activate the "Localnet" profile it blocks all IPV4 only.