On 13.06.2014 14:54, Dietmar Maurer wrote:
>> OK, seems my testing is wrong.
>>
>> What I did:
>>
>> /etc/pve/firewall/2004.fw:
>> [IPSET ipfilter-net0]
>> 10.10.28.5
>>
>> I then enabled the firewall for this VM.
>
> Also enabled the firewall in cluster.fw?
>
>> The VM has now 10.10.28.4 on net0 - but the VM is still able to make traffic
>> with 10.10.28.4. Anything I did wrong?
>
> And you enabled the firewall on that network interface? (stop/restart VM
> required).
> Are normal firewall rules working?

Some details:
- VM freshly started

- # cat /etc/pve/firewall/cluster.fw
[OPTIONS]
enable: 1

- # cat /etc/pve/firewall/2004.fw
[OPTIONS]
enable: 1

[IPSET ipfilter-net0]
10.10.28.5

That's it.

I then tried:
- # cat /etc/pve/firewall/2004.fw
[OPTIONS]
enable: 1

[IPSET ipfilter-net0]
10.10.28.5

[RULES]
OUT DROP -i net0 -p tcp -dport 80

But I can still download HTTP content.

Stefan
_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel