[PVE-User] Proxmox firewall – Ceph macro
uwe.sauter.de at gmail.com
Tue Jan 21 13:50:29 CET 2020
I suspect that the Ceph macro in the firewall settings on datacenter level does not contain the complete list of necessary ports,
As soon as I enable the firewall on datacenter level I get slow ops reported from Ceph.
The firewall configuration line is:
interface: <non given>
source: ipset "+px_cluster"
destination: ipset "+px_cluster"
protocol: <non given>
dest port: <non given>
source port: <non given>
log level: nolog
IPset "+px_cluster" contains all IP addresses from the clunster interface the cluster members. The IP addresses of the management
interfaces are not in that set.
Can anybody confirm that this is indeed an incomplete macro or is something wrong with my configuration?
More information about the pve-user