proxmox-utils/host/templates/etc/pve/firewall/cluster.fw

[OPTIONS]

enable: 1

[IPSET management]


[RULES]

IN ACCEPT -i vmbr3 -log nolog # ADMIN
IN REJECT -i vmbr0 -p udp -dport 68 -sport 68 -log nolog # dhcp
IN REJECT -i vmbr0 -p udp -dport 67 -sport 67 -log nolog # dhcp
OUT REJECT -i vmbr0 -p udp -dport 68 -sport 68 -log nolog # dhcp
OUT REJECT -i vmbr0 -p udp -dport 67 -sport 67 -log nolog # dhcp
IN DHCPfwd(REJECT) -i vmbr0 -log nolog
OUT DHCPfwd(REJECT) -i vmbr0 -log nolog
IN DNS(ACCEPT) -i vmbr0 -log nolog
IN Ping(ACCEPT) -i vmbr0 -log nolog
IN SSH(ACCEPT) -i vmbr0 -log nolog
IN ACCEPT -i vmbr0 -p udp -dport 51820 -log nolog # Wireguard
IN ACCEPT -i vmbr0 -p udp -dport 51821 -log nolog # Wireguard (alt)
|IN OpenVPN(ACCEPT) -i vmbr0 -log nolog
IN Web(ACCEPT) -i vmbr0 -log nolog
IN ACCEPT -i vmbr0 -p udp -dport 22027 -log nolog # syncthing
IN ACCEPT -i vmbr0 -p udp -dport 22000 -log nolog # syncthing
IN ACCEPT -i vmbr0 -p tcp -dport 22000 -log nolog # syncthing
IN SMB(ACCEPT) -i vmbr0 -log nolog
IN Git(ACCEPT) -i vmbr0 -log nolog
|IN Rsync(ACCEPT) -i vmbr0 -log nolog
|IN REJECT -i vmbr0 -log nolog # ALL

[group landings]
working on host setup... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2024-01-15 16:47:30 +03:00			`[OPTIONS]`

			`enable: 1`

			`[IPSET management]`


			`[RULES]`

fix... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2024-01-15 18:38:43 +03:00			`IN ACCEPT -i vmbr3 -log nolog # ADMIN`
working on host setup... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2024-01-15 16:47:30 +03:00			`IN REJECT -i vmbr0 -p udp -dport 68 -sport 68 -log nolog # dhcp`
			`IN REJECT -i vmbr0 -p udp -dport 67 -sport 67 -log nolog # dhcp`
			`OUT REJECT -i vmbr0 -p udp -dport 68 -sport 68 -log nolog # dhcp`
			`OUT REJECT -i vmbr0 -p udp -dport 67 -sport 67 -log nolog # dhcp`
			`IN DHCPfwd(REJECT) -i vmbr0 -log nolog`
			`OUT DHCPfwd(REJECT) -i vmbr0 -log nolog`
			`IN DNS(ACCEPT) -i vmbr0 -log nolog`
			`IN Ping(ACCEPT) -i vmbr0 -log nolog`
			`IN SSH(ACCEPT) -i vmbr0 -log nolog`
fix... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2024-01-15 18:38:43 +03:00			`IN ACCEPT -i vmbr0 -p udp -dport 51820 -log nolog # Wireguard`
			`IN ACCEPT -i vmbr0 -p udp -dport 51821 -log nolog # Wireguard (alt)`
fix Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2024-01-15 16:59:06 +03:00			`\|IN OpenVPN(ACCEPT) -i vmbr0 -log nolog`
working on host setup... Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com> 2024-01-15 16:47:30 +03:00			`IN Web(ACCEPT) -i vmbr0 -log nolog`
			`IN ACCEPT -i vmbr0 -p udp -dport 22027 -log nolog # syncthing`
			`IN ACCEPT -i vmbr0 -p udp -dport 22000 -log nolog # syncthing`
			`IN ACCEPT -i vmbr0 -p tcp -dport 22000 -log nolog # syncthing`
			`IN SMB(ACCEPT) -i vmbr0 -log nolog`
			`IN Git(ACCEPT) -i vmbr0 -log nolog`
			`\|IN Rsync(ACCEPT) -i vmbr0 -log nolog`
			`\|IN REJECT -i vmbr0 -log nolog # ALL`

			`[group landings]`