Setup Proxmox firewall

Tip

The Proxmox firewall is only used to protect the PVE node and its VMs on the management interface vmbr0. It has nothing to do with the virtual router firewall that will be created later.

Proxmox has a multi-layer firewall, which can be enabled at the Datacenter, PVE node, and VM levels. The Datacenter firewall sets the default policy. The Node firewall will be used to protect the PVE node itself, while the VM firewalls protect individual VMs.

Enable the Datacenter and Node firewalls

By default, the firewalls are disabled. Reset the firewall, add some basic rules, and enable the firewalls now:

Download and run the proxmox_firewall.sh script:

Run this on the Proxmox PVE host
wget https://raw.githubusercontent.com/EnigmaCurry/blog.rymcg.tech/master/src/proxmox/proxmox_firewall.sh

chmod +x proxmox_firewall.sh
Run this on the Proxmox PVE host
./proxmox_firewall.sh
(stdout)
? This will reset the Node and Datacenter firewalls and delete all existing rules.. Proceed? (y/N): y

Enter the management interface (e.g., vmbr0)

: vmbr0

Which subnet is allowed to access the management interface?

: 0.0.0.0/0

Allowing ICMP ping response from the management interface.
Allowing access to SSH (22) for the management interface.
Allowing access to Proxmox console (8006) for the management interface.
Enabling Node firewall.
Enabling Datacenter firewall.
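
After the firewalls are enabled, a read-only check can confirm what is exposed on the management ports. This is an added example, not from the original post and not part of proxmox_firewall.sh: it reads a Proxmox `.fw` file, reports whether the firewall is enabled, and flags active inbound ACCEPT rules for SSH (22) or the console (8006) that accept any source, which is what answering `0.0.0.0/0` above asks for. The function names `audit_fw` and `sample_host_fw` are hypothetical, and the sample rules are constructed for illustration, not the script's actual output.

```shell
#!/usr/bin/env bash
# Added example: audit a Proxmox firewall file for management ports open to any source.
# On a real node, run it against one file at a time, e.g.:
#   audit_fw < /etc/pve/firewall/cluster.fw
#   audit_fw < "/etc/pve/nodes/$(hostname)/host.fw"

# Reads a .fw file on stdin. Prints one "OPEN: <rule>" line per active inbound
# ACCEPT rule on port 22 or 8006 with no -source or a match-all source, then
# "enabled=<0|1>" from the [OPTIONS] section.
# Assumption: ports are numeric, single or comma-separated (ranges are not expanded).
audit_fw() {
  awk '
    /^\[/ { section = toupper($1); next }                 # track [OPTIONS] / [RULES]
    section == "[OPTIONS]" && $1 == "enable:" { enabled = $2 }
    # Disabled rules start with "|" and comments with "#", so neither has $1 == "IN".
    section == "[RULES]" && $1 == "IN" && $2 ~ /ACCEPT/ {
      src = ""; dport = ""
      for (i = 3; i < NF; i++) {
        if ($i ~ /^--?source$/) src = $(i + 1)
        if ($i ~ /^--?dport$/)  dport = $(i + 1)
      }
      if ($2 ~ /^SSH\(/) dport = "22"                     # SSH macro implies tcp/22
      mgmt = 0
      n = split(dport, ports, ",")
      for (j = 1; j <= n; j++)
        if (ports[j] == "22" || ports[j] == "8006") mgmt = 1
      if (mgmt && (src == "" || src == "0.0.0.0/0" || src == "::/0"))
        print "OPEN: " $0
    }
    END { print "enabled=" (enabled + 0) }
  '
}

# Constructed sample host.fw (not the output of proxmox_firewall.sh).
sample_host_fw() {
  cat <<'EOF'
[OPTIONS]
enable: 1

[RULES]
IN ACCEPT -i vmbr0 -source 0.0.0.0/0 -p icmp -log nolog
IN ACCEPT -i vmbr0 -source 0.0.0.0/0 -p tcp -dport 22 -log nolog
IN ACCEPT -i vmbr0 -source 192.168.1.0/24 -p tcp -dport 8006 -log nolog
|IN ACCEPT -i vmbr0 -p tcp -dport 8006
EOF
}

sample_host_fw | audit_fw
```

An `OPEN:` line means the listed port is reachable from any address that can route to the management interface; narrowing the subnet given to the script removes it.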