[PVE-User] About PVE-Firewall and WebGUI access
Christian Kivalo
ml+pve-user at valo.at
Mon Nov 16 22:16:20 CET 2015
Am 16. November 2015 22:06:02 MEZ, schrieb Hector Suarez Planas <hector.suarez at codesa.co.cu>:
>...
>
>El 16/11/2015 a las 03:10 PM, Dietmar Maurer escribió:
>
>>> I did a test with the PC with IP address 172.16.1.254 and I reached
>the
>>> WebGUI of Proxmox VE without problems.It is assumed that the
>firewall
>>> should not allow access because the origin of the connection not
>part
> >> from the IP address 172.16.1.6 neither172.16.1.7. :-(
> >>
>
> > Access form local network is enabled by default.
>
>Thanks for the reply, Dietmar. It may be that if you have an
>infrastructure of subnets (VLANs) controlled by routers and firewall
>appliances, but if not, if I have only one subnet, anyone could reach
>the WebGUI interface Proxmox, which should not be. :-(
Why not put that rule to the input chain of the host system?
Set the default policy oft the input chain to drop and then add a rule Luke e.g.
iptables -A INPUT -p tcp --dport 8006 -j ACCEPT ?
Regards
Christian
More information about the pve-user
mailing list