We have a Proxmox 3.1 server working perfectly (Debian) and want to install the csf firewall (with its IDS) so we can protect the host node without interfering with the traffic of the VMs. We also want to use some features, like locking some countries in csf (very easy), on the node and also on the VMs if possible.
We read that we should add these lines to /etc/csf/csfpost.sh:
iptables -A FORWARD -d 18.104.22.168 -j ACCEPT
iptables -A FORWARD -d 22.214.171.124 -j ACCEPT
iptables -A FORWARD -d 126.96.36.199 -j ACCEPT
iptables -A FORWARD -d 188.8.131.52 -j ACCEPT
iptables -A FORWARD -d 184.108.40.206 -j ACCEPT
iptables -A FORWARD -d 220.127.116.113 -j ACCEPT
But when we enable csf, connectivity to the VMs doesn't work and the ping breaks. This is the network config (IPs are modified):
iface lo inet loopback
# device: eth0
iface eth0 inet static
# for single IPs
iface vmbr0 inet static
up ip route add 18.104.22.1683/32 dev vmbr0
# for a subnet
iface vmbr1 inet static
The virtualization we are using is mainly KVM; the network is routed with a subnet.
This is a fast task for an expert.
We will require the list of commands used or a text indicating what has been done, so we can apply this config to another server.