One of the coolest features of Proxmox VE is its built-in firewall, which acts like a digital bouncer for your virtual environment. Here's what makes it stand out:
Cluster-wide Protection
With the Proxmox firewall, you can set up security rules that apply across your entire cluster. This means you can manage security settings in one place and distribute them cluster-wide, to specific nodes or to specific VMs or CTs.
Fine-tuned Control
Want to restrict access to a specific virtual machine? No problem! The firewall lets you create rules for individual VMs and containers, giving you precise control over who can connect and what traffic is allowed. Each rule has many different parameters so you can limit specific ports, protocols or use presets for things like HTTPS or SSH.
User-Friendly Management
The firewall comes with handy features like macros and security groups, making it easier to manage complex rules without getting lost in the details. You can create aliases for IPs and group them in IPSets. Then you can reference those IPSets in rules, allowing for deduplication and simplifying changes throughout the rules. The UI inside Proxmox is dense, offering you loads of information without many clicks and without scrolling.
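To make the alias, IPSet, security group and macro chain concrete, here is an added example (not from the original post) of the two firewall config files involved. The addresses, the names `admin_ws`, `jump_host`, `monitoring`, `admins` and `webserver`, and port 9100 are constructed for illustration.

```ini
# --- /etc/pve/firewall/cluster.fw (cluster-wide definitions) ---
[OPTIONS]
# enable the firewall cluster-wide (default is disabled)
enable: 1

[ALIASES]
# constructed addresses from the documentation ranges
admin_ws 192.0.2.10
jump_host 192.0.2.20
monitoring 198.51.100.5

[IPSET admins]
# aliases grouped once, referenced as +admins in rules
admin_ws
jump_host

[group webserver]
# security group: the HTTP/HTTPS macros open the web ports to any source,
# the SSH macro only to members of the admins IPSet
IN HTTP(ACCEPT)
IN HTTPS(ACCEPT)
IN SSH(ACCEPT) -source +admins
IN ACCEPT -source monitoring -p tcp -dport 9100

# --- /etc/pve/firewall/<VMID>.fw (one guest) ---
[OPTIONS]
enable: 1
policy_in: DROP

[RULES]
# pull in every rule of the security group defined in cluster.fw
GROUP webserver
```

Adding another admin host is one new alias plus one line in the `admins` IPSet; every guest that references `GROUP webserver` picks up the change without its own file being edited.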
Distributed Architecture
Each node in your Proxmox cluster runs its own firewall service, which means better performance and isolation for your virtual machines. This setup helps ensure that your VMs can communicate without unnecessary bottlenecks. Since there is no dedicated firewall device, there is also no single point of failure. Even if one of your nodes fails, the firewall stays alive on the other nodes.
IPv4 and IPv6 Support
The Proxmox firewall supports both IPv4 and IPv6, so you don't have to juggle separate rules for different protocols. Everything is managed under one roof, simplifying your security management and giving you a better overview.
What's to come
In the next posts I want to further explore the possibilities that the Proxmox firewall gives us, create some example rules and showcase the different features.