* [PVE-User] Block all outgoing destinations not internal for a VM
@ 2025-06-06 9:11 Petric Frank via pve-user
2025-06-06 10:58 ` Alwin Antreich via pve-user
0 siblings, 1 reply; 2+ messages in thread
From: Petric Frank via pve-user @ 2025-06-06 9:11 UTC (permalink / raw)
To: pve-user; +Cc: Petric Frank
[-- Attachment #1: Type: message/rfc822, Size: 8436 bytes --]
From: Petric Frank <pfrank@gmx.de>
To: pve-user@lists.proxmox.com
Subject: Block all outgoing destinations not internal for a VM
Date: Fri, 6 Jun 2025 11:11:17 +0200
Message-ID: <aff5734d-deea-4a42-9702-fa7acd6aca8f@gmx.de>
Hello,
how to block all traffic which have not a destination IP-Address
pointing to the internal network ?
Example:
Internal network: 192.168.2.0/24
Allow: all destinations in 192.168.2.0/24
Block: any destination not in 192.168.2.0/24
How the firewall of a VM have to be configured ?
Thanks for your assistance.
kind regards
Petric
[-- Attachment #2: Type: text/plain, Size: 157 bytes --]
_______________________________________________
pve-user mailing list
pve-user@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PVE-User] Block all outgoing destinations not internal for a VM
2025-06-06 9:11 [PVE-User] Block all outgoing destinations not internal for a VM Petric Frank via pve-user
@ 2025-06-06 10:58 ` Alwin Antreich via pve-user
0 siblings, 0 replies; 2+ messages in thread
From: Alwin Antreich via pve-user @ 2025-06-06 10:58 UTC (permalink / raw)
To: Proxmox VE user list; +Cc: Alwin Antreich
[-- Attachment #1: Type: message/rfc822, Size: 4463 bytes --]
From: Alwin Antreich <alwin@antreich.com>
To: Proxmox VE user list <pve-user@lists.proxmox.com>
Subject: Re: [PVE-User] Block all outgoing destinations not internal for a VM
Date: Fri, 06 Jun 2025 12:58:33 +0200
Message-ID: <AE03C475-7B01-4D00-B19C-CD241B616ACB@antreich.com>
On June 6, 2025 11:11:17 AM GMT+02:00, Petric Frank via pve-user <pve-user@lists.proxmox.com> wrote:
>_______________________________________________
>pve-user mailing list
>pve-user@lists.proxmox.com
>https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
Hi Frank,
You can negate the match !192.168.2.0/24, the IP set has a checkbox for it. Then you can block all traffic except the internal network.
Or you order the rules, to have the allow to 192.168.2.0/24 and them deny all outgoing traffic.
Either of the above needs to be done for the incoming traffic.
Cheers,
Alwin
[-- Attachment #2: Type: text/plain, Size: 157 bytes --]
_______________________________________________
pve-user mailing list
pve-user@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-06-06 11:06 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-06-06 9:11 [PVE-User] Block all outgoing destinations not internal for a VM Petric Frank via pve-user
2025-06-06 10:58 ` Alwin Antreich via pve-user
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal