[PVE-User] About PVE-Firewall and WebGUI access
ml+pve-user at valo.at
Mon Nov 16 22:16:20 CET 2015
Am 16. November 2015 22:06:02 MEZ, schrieb Hector Suarez Planas <hector.suarez at codesa.co.cu>:
>El 16/11/2015 a las 03:10 PM, Dietmar Maurer escribió:
>>> I did a test with the PC with IP address 172.16.1.254 and I reached
>>> WebGUI of Proxmox VE without problems.It is assumed that the
>>> should not allow access because the origin of the connection not
> >> from the IP address 172.16.1.6 neither172.16.1.7. :-(
> > Access form local network is enabled by default.
>Thanks for the reply, Dietmar. It may be that if you have an
>infrastructure of subnets (VLANs) controlled by routers and firewall
>appliances, but if not, if I have only one subnet, anyone could reach
>the WebGUI interface Proxmox, which should not be. :-(
Why not put that rule to the input chain of the host system?
Set the default policy oft the input chain to drop and then add a rule Luke e.g.
iptables -A INPUT -p tcp --dport 8006 -j ACCEPT ?
More information about the pve-user