[PVE-User] Iptables question
Shain Miley
SMiley at npr.org
Fri Jul 8 21:28:12 CEST 2011
Hello,
I set up some iptables rules on the Proxmox host node; so far they seem to be working as expected. I thought that these rules would also apply to the VMs as well, however it seems that the traffic is not being filtered when it comes to the VMs that I create.
Here is the script that I am using on the host node:
#!/bin/sh
# iptables script generated 2011-05-10
# http://www.mista.nu/iptables
IPT="/sbin/iptables"
# Flush old rules, old custom tables
$IPT --flush
$IPT --delete-chain
# Set default policies for all three default chains
$IPT -P INPUT DROP
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT
# Enable free use of loopback interfaces
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT
# Enable free use of the internal bridge interface vmbr0
$IPT -A INPUT -i vmbr0 -j ACCEPT
$IPT -A OUTPUT -o vmbr0 -j ACCEPT
# Accept inbound TCP packets
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -s 209.123.35.0/22 -j ACCEPT
$IPT -A INPUT -p tcp --dport 80 -m state --state NEW -s 209.123.35.0/22 -j ACCEPT
$IPT -A INPUT -p tcp --dport 443 -m state --state NEW -s 209.123.35.0/22 -j ACCEPT
# Accept inbound ICMP messages
$IPT -A INPUT -p ICMP --icmp-type 8 -s 0.0.0.0/0 -j ACCEPT
All VMs are using venet interfaces.
One thing that I have not tried is to re-run this script after I create the VM; other than that I am not sure what needs to be done.
Does anyone have any suggestions?
Thanks in advance,
Shain
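Added example, not the poster's script: traffic to a venet container is routed by the host, so it traverses the FORWARD chain and never reaches INPUT; the INPUT rules above therefore do not protect the containers, and the script's "-P FORWARD ACCEPT" lets everything through to them. The script below puts a default-deny policy on FORWARD for container traffic. The interface names vmbr0 and venet0 and the container network 10.0.0.0/24 are assumptions (constructed for the example); the admin network 209.123.35.0/22 and the ports come from the post. Set IPT=echo to print the rules instead of installing them.

```shell
#!/bin/sh
# Added example: filter venet container traffic on the host's FORWARD chain.
# Assumed names: WAN_IF (host bridge), CT_IF (OpenVZ venet device),
# CT_NET (container addresses, constructed). IPT=echo gives a dry run.
IPT="${IPT:-/sbin/iptables}"
WAN_IF="${WAN_IF:-vmbr0}"
CT_IF="${CT_IF:-venet0}"
CT_NET="${CT_NET:-10.0.0.0/24}"
ADMIN_NET="${ADMIN_NET:-209.123.35.0/22}"

# Install the FORWARD rules. Packets for a venet container are routed by the
# host, so this chain, not INPUT, is where they can be filtered.
apply_forward_rules() {
    # Default deny for routed traffic; the host's own INPUT policy is untouched.
    $IPT -P FORWARD DROP
    $IPT -F FORWARD
    # Replies to connections the containers opened, plus related ICMP errors.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Containers may initiate outbound connections freely.
    $IPT -A FORWARD -i "$CT_IF" -s "$CT_NET" -j ACCEPT
    # Inbound: the same services the host allows, limited to the admin network.
    for port in 22 80 443; do
        $IPT -A FORWARD -i "$WAN_IF" -o "$CT_IF" -d "$CT_NET" -p tcp --dport "$port" \
             -m state --state NEW -s "$ADMIN_NET" -j ACCEPT
    done
    # Echo requests to the containers.
    $IPT -A FORWARD -i "$WAN_IF" -o "$CT_IF" -d "$CT_NET" -p icmp --icmp-type 8 -j ACCEPT
    # Log what the DROP policy is about to discard so the effect shows in the kernel log.
    $IPT -A FORWARD -o "$CT_IF" -j LOG --log-prefix "CT-FWD-DROP: " --log-level 4
}

# Number of -A rules the function emits, taken from a dry run.
count_forward_rules() {
    ( IPT=echo; apply_forward_rules ) | grep -c -- '-A FORWARD'
}

# Dry run by default; APPLY=1 installs the rules (needs root).
if [ "${APPLY:-0}" = "1" ]; then
    apply_forward_rules
else
    ( IPT=echo; apply_forward_rules )
fi
```

Check the result with "iptables -L FORWARD -v -n": the per-rule packet counters show whether container traffic is actually matching. Note that the host script above flushes every chain and resets FORWARD to ACCEPT, so these rules have to be applied after it (or merged into it) and again after any later flush.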