[PVE-User] About PVE-Firewall and WebGUI access

Christian Kivalo ml+pve-user at valo.at
Mon Nov 16 22:16:20 CET 2015

Am 16. November 2015 22:06:02 MEZ, schrieb Hector Suarez Planas <hector.suarez at codesa.co.cu>:
>El 16/11/2015 a las 03:10 PM, Dietmar Maurer escribió:
>>> I did a test with the PC with IP address and I reached
>>> WebGUI of Proxmox VE without problems.It is assumed that the
>>> should not allow access because the origin of the connection not
> >> from the IP address neither172.16.1.7. :-(
> >>
> > Access form local network is enabled by default.
>Thanks for the reply, Dietmar. It may be that if you have an 
>infrastructure of subnets (VLANs) controlled by routers and firewall 
>appliances, but if not, if I have only one subnet, anyone could reach 
>the WebGUI interface Proxmox, which should not be. :-(

Why not put that rule to the input chain of the host system?

Set the default policy oft the input chain to drop and then add a rule Luke e.g.
iptables -A INPUT -p tcp  --dport  8006 -j ACCEPT ?


More information about the pve-user mailing list