Configuring the data center-specific firewall
As mentioned earlier, data center-specific firewall rules affect all resources, such as clusters, nodes, and virtual machines. Any rules created in this zone are cascaded to both hosts and VMs. This zone is also used to fully lock down a cluster by dropping all incoming traffic and then opening only what is required. In a freshly installed Proxmox cluster, the data center-wide firewall option is disabled.
Note
CAUTION! Extra care should always be taken when creating data center-specific firewall rules to prevent full cluster lockout.
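The caution above, turned into a pre-enable check as an added example (not code from the original text or from Proxmox): it reads configuration text in the Proxmox `cluster.fw` format and reports management ports that have no explicit inbound ACCEPT rule once input filtering applies. Treating TCP 22 and 8006 as the management ports, the function names, and the sample configurations are assumptions of this example.

```python
import re

MGMT_PORTS = {"22": "SSH", "8006": "web GUI"}  # assumption: ports to keep reachable
MACROS = {"SSH": "22"}  # macro -> port; only the macro this example needs

def parse_fw(text):
    """Split cluster.fw-style text into an options dict and a list of rule lines."""
    options, rules, section = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        header = re.fullmatch(r"\[(\w+).*\]", line)
        if header:
            section = header.group(1).upper()
        elif section == "OPTIONS" and ":" in line:
            key, value = line.split(":", 1)
            options[key.strip()] = value.strip()
        elif section == "RULES":
            rules.append(line)
    return options, rules

def accepted_ports(rules):
    """TCP ports opened by enabled inbound ACCEPT rules (single ports or comma lists)."""
    ports = set()
    for tokens in (rule.split() for rule in rules):
        if len(tokens) < 2 or tokens[0] != "IN":
            continue  # outbound, group, or disabled ("|"-prefixed) rule
        macro = re.fullmatch(r"(\w+)\(ACCEPT\)", tokens[1])
        if macro and macro.group(1) in MACROS:
            ports.add(MACROS[macro.group(1)])
        elif tokens[1] == "ACCEPT" and "tcp" in tokens and "-dport" in tokens[:-1]:
            ports.update(tokens[tokens.index("-dport") + 1].split(","))
    return ports

def lockout_findings(text):
    """Warn about management ports with no explicit accept once the firewall filters input."""
    options, rules = parse_fw(text)
    if options.get("enable", "0") != "1" or options.get("policy_in", "DROP").upper() == "ACCEPT":
        return []  # firewall disabled (the fresh-install default) or input not filtered
    opened = accepted_ports(rules)
    return [f"no explicit inbound ACCEPT for {name} (tcp/{port})"
            for port, name in MGMT_PORTS.items() if port not in opened]

# Constructed sample configurations, not taken from a real cluster.
RISKY = "[OPTIONS]\nenable: 1\npolicy_in: DROP\npolicy_out: ACCEPT\n\n[RULES]\n|IN ACCEPT -p tcp -dport 8006 # disabled\n"
SAFE = RISKY + "IN ACCEPT -source 192.0.2.0/24 -p tcp -dport 8006\nIN SSH(ACCEPT) -source 192.0.2.0/24\n"

if __name__ == "__main__":
    print(lockout_findings(RISKY), lockout_findings(SAFE))
```

The check only looks for explicit rules; it does not model any access the firewall may allow on its own, so an empty result means the listed ports are covered by rules in the file, not that the whole policy is correct.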
Configuring the Datacenter firewall through the GUI
The following screenshot shows the Firewall option for the Datacenter zone through the Options tab by navigating to Datacenter | Firewall | Options:
As we can see in the preceding screenshot, by default the Proxmox firewall for the Datacenter zone is disabled with Input Policy set to DROP and Output Policy set to ACCEPT. If we did enable this firewall option right now...