Firewalling at Datacentre/HV level

XN-Matt

Well-Known Member
Aug 21, 2017
91
7
48
42
This isn't so much a support request but a feature improvement.

Currently you can set firewall rules on the cluster/dc level, hv/node and VM.

We would like to apply some rules at the highest level that filter down to VM, such as ports we want to block for all users (i.e malicious ports used for DDoS etc). Currently this can be done via command line that we've read but it moves this to manual configuration and it would be nice to have that within the GUI and replicated within /etc/pve/firewall configurations.

Seeing this in the future would likely benefit others too.
 
Already using them for wider management and for our internal VMs but would like to do this filtering on customer VM which they cannot see or change which as far as I know won't help with.

Some ports need to be blocked at the entry point to stop those customers who have VMs which are just not secure from being used for common and malicious purposes. Also would allow easy blocking of SMTP at a higher level, as a really good example of what some would need to have enforced but then those that need it for good reason can request etc.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!