[SOLVED] Deny access to SSH


Aug 12, 2019
Hi guys,

I would like to allow access to SSH from only one IP address ( for example).

So, I set up in Proxmox firewall these rules:

Direction: in
Action: ACCEPT
Enable: yes
Protocol: TCP
Destination port: 22

Direction: in
Action: DROP

Unfortunately, I still can access the host from any other IP address (and not only from

The firewall is activated, of course, and allowing/blocking other ports, as configured.

Did I miss a setting?

Thank you.

Best regards

root@machine:~# cat /etc/pve/firewall/cluster.fw

ebtables: 1
enable: 1
log_ratelimit: burst=5,enable=0,rate=1/second
policy_in: ACCEPT


IN ACCEPT -source -p tcp -dport 22 -log nolog
GROUP proxmox
IN DROP -log nolog

[group proxmox]

|OUT Ping(ACCEPT) -log nolog
|IN Ping(ACCEPT) -log nolog
|IN ACCEPT -p udp -dport 5404:5405 -log nolog
IN ACCEPT -p tcp -dport 5900:5999 -log nolog
IN ACCEPT -p tcp -dport 85 -log nolog
IN ACCEPT -source -p tcp -dport 8006 -log nolog
IN ACCEPT -p tcp -dport 111 -log nolog
IN ACCEPT -p tcp -dport 3128 -log nolog
IN ACCEPT -source -p tcp -dport 22 -log nolog
Never mind, I had to set it twice (cluster and node, I guess) to get it working.
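Added example, not part of the original thread and not Proxmox code: a small audit that walks a firewall file in the cluster.fw layout and lists the enabled inbound rules (or the default policy) that still admit a TCP port from sources outside an allow-list. It assumes a simplified model: rules are evaluated in file order with the first match deciding, GROUP entries are expanded in place, sources are compared as plain strings, and macros, aliases and ipsets are not modelled. The sample file and the addresses 192.0.2.10 and 198.51.100.7 are constructed placeholders.

```python
# Constructed sample in the cluster.fw layout; addresses are placeholders.
SAMPLE = """\
[OPTIONS]
policy_in: ACCEPT
[RULES]
IN ACCEPT -source 192.0.2.10 -p tcp -dport 22 -log nolog
GROUP proxmox
IN DROP -log nolog
[group proxmox]
|IN ACCEPT -p tcp -dport 22 -log nolog
IN ACCEPT -p tcp -dport 5900:5999 -log nolog
IN ACCEPT -source 198.51.100.7 -p tcp -dport 22 -log nolog
"""

def parse_sections(text):
    """Split a .fw file into {lowercased section name: [non-empty lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#")[0].strip()          # drop trailing comments
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].lower(), [])
        elif line and current is not None:
            current.append(line)
    return sections

def port_in(spec, port):  # spec is a -dport value such as '22' or '5900:5999'
    lo, _, hi = spec.partition(":")
    return int(lo) <= port <= int(hi or lo)

def audit_port(text, port, allowed):
    """List what admits TCP `port` from a source outside `allowed`, in rule order."""
    sections, findings = parse_sections(text), []
    def walk(lines):  # returns True once a rule matching every source is reached
        for tok in map(str.split, lines):
            if tok[0] == "GROUP" and walk(sections.get("group " + tok[1].lower(), [])):
                return True
            if tok[0] != "IN" or tok[1] not in ("ACCEPT", "DROP", "REJECT"):
                continue  # skips disabled '|IN' rules, OUT rules and macros
            opt = dict(zip(tok[2::2], tok[3::2]))
            if opt.get("-p", "tcp") != "tcp" or not port_in(opt.get("-dport", "0:65535"), port):
                continue
            if tok[1] == "ACCEPT" and opt.get("-source") not in allowed:
                findings.append(" ".join(tok))
            if "-source" not in opt:
                return True  # unconditional rule: nothing later is evaluated
        return False
    if not walk(sections.get("rules", [])) and "policy_in: ACCEPT" in sections.get("options", []):
        findings.append("policy_in: ACCEPT")
    return findings
```

Since the fix in this thread was to set the rule at both cluster and node level, run `audit_port` once on the contents of cluster.fw and once on the node's host.fw.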

