create vm - network firewall

[robertkwild]

hi all,

when im creating a new vm and when i come to the "Network" tab and "Firewall" tick box, what is this for, is this the system firewall, as i disable that anyway?

thanks,
rob

 

[aaron]

If you don´t want to use the integrated firewall, then disabling it is no issue.
If you want to use the integrated firewall for that guest, it will only work for NICs with the firewall checkbox enabled.

 

[robertkwild]

So if I've disabled firewalld on Rocky Linux, will it still be active

 

[aaron]

This has to do about the firewall that is available on Proxmox VE itself. Whatever happens inside the guest regarding firewalls is not affected by these settings.

 

[robertkwild]

I understand the pve has a firewall but why do each and every VM you create have a firewall

 

[aaron]

There is only one firewall on the host if you enable it. (iptables under the hood)
You can define rule for specific guests. These will only affect the guest as iptables forwarding rules are used.
But, they will only work if the firewall checkbox is enabled for the NICs used by the guest.

So the "Firewall" checkbox for the NICs does not mean that the firewall will be enabled for that guest (that is done in the Firewall submenu of each guest). But if that NIC should be involved with the firewall, should it be enabled for the guest.

With the firewall checkbox, the networking stack for that guest NIC gets less complicated, so could give you slightly better performance, but the difference shouldn't be big.