From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-user-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9])
	by lore.proxmox.com (Postfix) with ESMTPS id 3B48C1FF164
	for <inbox@lore.proxmox.com>; Fri,  6 Jun 2025 13:06:08 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 00BB4AA12;
	Fri,  6 Jun 2025 13:06:24 +0200 (CEST)
Date: Fri, 06 Jun 2025 12:58:33 +0200
To: Proxmox VE user list <pve-user@lists.proxmox.com>
In-Reply-To: <mailman.277.1749201397.395.pve-user@lists.proxmox.com>
References: <mailman.277.1749201397.395.pve-user@lists.proxmox.com>
MIME-Version: 1.0
Message-ID: <mailman.288.1749207983.395.pve-user@lists.proxmox.com>
List-Id: Proxmox VE user list <pve-user.lists.proxmox.com>
List-Post: <mailto:pve-user@lists.proxmox.com>
From: Alwin Antreich via pve-user <pve-user@lists.proxmox.com>
Precedence: list
Cc: Alwin Antreich <alwin@antreich.com>
X-Mailman-Version: 2.1.29
X-BeenThere: pve-user@lists.proxmox.com
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user>, 
 <mailto:pve-user-request@lists.proxmox.com?subject=subscribe>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-user>, 
 <mailto:pve-user-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-user/>
Reply-To: Proxmox VE user list <pve-user@lists.proxmox.com>
List-Help: <mailto:pve-user-request@lists.proxmox.com?subject=help>
Subject: Re: [PVE-User] Block all outgoing destinations not internal for a VM
Content-Type: multipart/mixed; boundary="===============7952796130496967213=="
Errors-To: pve-user-bounces@lists.proxmox.com
Sender: "pve-user" <pve-user-bounces@lists.proxmox.com>

--===============7952796130496967213==
Content-Type: message/rfc822
Content-Disposition: inline

Return-Path: <alwin@antreich.com>
X-Original-To: pve-user@lists.proxmox.com
Delivered-To: pve-user@lists.proxmox.com
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits))
	(No client certificate requested)
	by lists.proxmox.com (Postfix) with ESMTPS id BF29DCC8A5
	for <pve-user@lists.proxmox.com>; Fri,  6 Jun 2025 13:06:22 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 9D423A947
	for <pve-user@lists.proxmox.com>; Fri,  6 Jun 2025 13:06:22 +0200 (CEST)
Received: from mx.antreich.com (mx.antreich.com [173.249.42.230])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits))
	(No client certificate requested)
	by firstgate.proxmox.com (Proxmox) with ESMTPS
	for <pve-user@lists.proxmox.com>; Fri,  6 Jun 2025 13:06:21 +0200 (CEST)
Received: from mx.antreich.com (localhost [127.0.0.1])
	by mx.antreich.com (Proxmox) with ESMTP id E8B36762163;
	Fri,  6 Jun 2025 12:58:33 +0200 (CEST)
Date: Fri, 06 Jun 2025 12:58:33 +0200
From: Alwin Antreich <alwin@antreich.com>
To: Proxmox VE user list <pve-user@lists.proxmox.com>
Subject: Re: [PVE-User] Block all outgoing destinations not internal for a VM
In-Reply-To: <mailman.277.1749201397.395.pve-user@lists.proxmox.com>
References: <mailman.277.1749201397.395.pve-user@lists.proxmox.com>
Message-ID: <AE03C475-7B01-4D00-B19C-CD241B616ACB@antreich.com>
MIME-Version: 1.0
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: quoted-printable

On June 6, 2025 11:11:17 AM GMT+02:00, Petric Frank via pve-user <pve-user@lists.proxmox.com> wrote:
>_______________________________________________
>pve-user mailing list
>pve-user@lists.proxmox.com
>https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user

Hi Frank,

You can negate the match !192.168.2.0/24, the IP set has a checkbox for it. Then you can block all traffic except the internal network.

Or you order the rules to have the allow to 192.168.2.0/24 and then deny all outgoing traffic.

Either of the above needs to be done for the incoming traffic.

Cheers,
Alwin



--===============7952796130496967213==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
pve-user mailing list
pve-user@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user

--===============7952796130496967213==--
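
The ordered-rules variant described in the reply above, written out as a guest firewall file. This is an added example, not part of the original message; the path /etc/pve/firewall/<VMID>.fw with <VMID> as a placeholder is an assumption, and the firewall must also be enabled at datacenter level and on the VM's network device for the rules to take effect.

```ini
# /etc/pve/firewall/<VMID>.fw  (<VMID> is a placeholder for the guest's ID)
# Added example: allow only the internal network 192.168.2.0/24,
# drop everything else in both directions.

[OPTIONS]
# Turn the firewall on for this guest.
enable: 1

[RULES]
# Rules are evaluated top to bottom, so each ACCEPT has to come
# before the catch-all DROP for the same direction.

# Outgoing: permit traffic to the internal network, then drop the rest.
OUT ACCEPT -dest 192.168.2.0/24
OUT DROP

# Incoming: the same pair, matched on the source address.
IN ACCEPT -source 192.168.2.0/24
IN DROP
```

If the guest relies on a resolver, gateway service or NTP server outside 192.168.2.0/24, that traffic is dropped as well and needs its own ACCEPT rule above the DROP.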