Firewall rule to only allow specific IP's to one VM

[vs2015sv]

Hello,

I am running a demo nethserver (domain) VM in proxmox 7.1-12 along with many other VM's.

I would like to restrict which IP's can access the nethserver cockpit (Http://IP address&port) (Just one VM) via the proxmox firewall.

Could I please get some advice on how to properly do this?
From the videos I watched, they say you need to enable ssh and http access in the firewall or you will be locked out?


Again, I want to keep everything how it is but just limit which IP's can log into the cockpit.

Thanks!

 

[spirit]

you simply need to add firewall on this specifc vm.

configure default incoming rules to rejet or deny, then add accept rules for each ips. (or better, create an ipset with all ips, and add 1 accept rule for this ipset )

 

[vs2015sv]

So I just need to enable the firewall at the datacenter level and then go into the VM and add specific firewall rules?
I won't get locked out if I don't add a ssh rule to the datacenter?

 

[spirit]

So I just need to enable the firewall at the datacenter level and then go into the VM and add specific firewall rules?
I won't get locked out if I don't add a ssh rule to the datacenter?

you can enable firewall at datacenter level && disable it on hosts. (I'll still works on vm)