This is a fantastic channel! Pure, useful info! I was just wandering around the forums trying to figure this out for myself (e.g. don't want VMs to be able to just reach out to the proxmox nodes' web interfaces themselves!), so I'm so glad I stumbled upon this!
@BMSwahn9 ай бұрын
This is actually so useful. Just discovered your channel. You are a beast
@HyuLilium7 ай бұрын
I set output policy to drop everywhere, then defined 1st rule accept with destination gateway, 2nd rule drop with destination ALL local IPV4 addresses, third accept out anywhere else
@goodcitizen45876 ай бұрын
Very cool. I was wondering about this. I had them turned off, but you showed how to implement correctly. Thanks!
@tienvoxuan49549 ай бұрын
Thanks for sharing. A nice and clean video with a lot of useful information to me
@barma130918 күн бұрын
It's a good idea to block all traffic except that directed to gateway
@andrevieira9979 ай бұрын
Love your videos. Thank you for sharing your knowledge :) Hugs from Portugal!
@MRPtech9 ай бұрын
Your Welcome. I hope video was helpful for you.
@mtiken9 ай бұрын
This is a great video. I am a very big fan of IPTABLES. Behind the scene it is the IPtables at work. This gives a very eassy way to write the rules. It would be good to see if we write the Iptables rules in the proxmos shell, will it refelect in the proxmos gui. Proxmos is really good. I remember in the late 90s we have this Webadmin for linux which is gui based configuration and now I see proxmox like that tool with hypervisor capability. Thanks again MRP. This is a great video.
@smokedironmade87055 ай бұрын
Great video!! As a complement to this one can you please make one for setting up vlan? Thanks
@akostoth76545 ай бұрын
Great video, thank you very much. However, what I don't understand is that when I run the command 'nmap -sn' in the 'vm', it can still see the other devices on my local network. Does anyone know why?
@robbuurman16672 ай бұрын
Great video, thanks
@HyuLilium7 ай бұрын
I don't get why out rules towards the internet are needed when the default policy for output was already ACCEPT under Datacenter, and also the individual LXC. Shouldn't it be turned to DROP for output rules to become necessary, otherwise everything out is accepted?
@Crunch81115 ай бұрын
Hello Sir! May I ask you a question? Which rule do I have to add to the firewall to reject all traffic and connections to ipv6 adresses? When I activate the "Localnet" profile it blocks all IPV4 only.
@ltonchis12455 ай бұрын
What would be the best way to run a firewall? Local router -> Proxmox -> PFsense ( manage all interfaces from Promox ) or PFSense -> Proxmox ?
@sumarouno3 күн бұрын
This is actually so useful. Thanks!
@Lunolux9 ай бұрын
thx
@MRPtech9 ай бұрын
np
@anthonydelagarde39909 ай бұрын
Thank you. Great video and tutorial.
@SiyualАй бұрын
Can this be used for public facing server VMs to prevent access to the rest of the network in the event the server is compromised?
@MRPtechАй бұрын
Yes, extra firewall config required. For example, you can setup that firewall will accept access in from outside network to that VM but will block access from that VM to rest of local network, one exception being is Gateway (to access internet) + DNS server to resolve web queries.
@muhammadabidsaleem70483 ай бұрын
Hi MRP We are running 4 node ceph cluster with PBS on another bare metal. We have configured simple zone in SDN as well. You explained the FW well. Thank you for your efforts. please shoot some videos on FW security groups and SDN with simple and vlan zones.