Hi I am configuring the PVE firewall this afternoon, but I don't get some things. There are firewall rules in Datacenter, in Nodes (the cluster nodes) and in VMs. Is there a cascade working? Eg, are the rules in Datacenter also applicable on the Nodes? When I eg. set a Disable SSH rule in Datacenter, is SSH then blocked on all the Nodes and on all the VMs? When I disable the Datacenter firewall, is the firewall on the Nodes and VMs still active? I have a PVE cluster with 3 Nodes. On each node, I have these networks: 10.0.1.0/24 - management network 10.0.2.0/24 - corosync network 10.0.3.0/24 - ceph public network (with a separated Ceph cluster) 10.0.4.0/24 - VM network Where do I set my SSH rules to only allow SSH from Management network to the Nodes? On the Datacenter? Or on the Nodes? Where do I set the ports used by the PVE cluster, like 8006, 5900-5999, 111, 5404 and 5405? Thanks and all the best for 2019!