Cluster Firewall

Jul 26, 2021
Hi Guys,

I have a 4-server cluster. I am trying to apply a firewall rule to block one IP range from interacting with or accessing another, but I am unable to do so. I have been scratching my head since morning; if someone can enlighten me a bit, it would be great. The firewall is enabled on Datacenter -> Node -> VM also, but I am still unable to get the rule implemented on the VM. pve-firewall status also shows running.

Currently using the latest Proxmox version, 7.2-7, with a bridge network; DHCP is managed by the switch.

Trying to block a subnet from accessing (mgmt-ip), which includes blocking the Proxmox GUI also.

Attached is the FW rule along with the cluster FW config.


enable: 1

[IPSET dns]

[IPSET mgmt-ip] # 0.x Segment # 0 Segmentation(mgmt)

[IPSET nfs-ip]

[IPSET vm-ip] # 50.x Segment # 50.x Segment IP (VMs)

[IPSET vpn-ip] # VPN segment


IN ACCEPT -source +vpn-ip -p tcp -dport 22,8006 -log nolog
IN DROP -source +vm-ip -dest +mgmt-ip -log nolog # disable play seg to mgmt seg



