I'm doing my first install of Proxmox on a public IP today. The first thing I did after it rebooted was copy /etc/hosts.allow to the machine to control ssh access. Me, another guy, and a VPN provider we use - just a few dozen IPs out of the four billion possible, there's no need to be horsing around trying to fend off ssh brute force scanners.
I've done Google and ChatGPT looking for how to get the web interface to bind to just localhost. There's various suggestions that involve messing with pveproxy, but none of the configs I've tried work.
I'm not interested in a firewall solution for this, I want something more deterministic. I'm going to configure this once and then never need to worry about it again, while firewall rules change periodically.
I've done Google and ChatGPT looking for how to get the web interface to bind to just localhost. There's various suggestions that involve messing with pveproxy, but none of the configs I've tried work.
I'm not interested in a firewall solution for this, I want something more deterministic. I'm going to configure this once and then never need to worry about it again, while firewall rules change periodically.
