Configuring the Datacenter-specific firewall
As mentioned earlier, Datacenter-specific firewall rules affect all resources, such as cluster, nodes, and virtual machines. Any rules created in this zone are cascaded to both hosts and VMs. This zone is also used to fully lock down a cluster to drop all incoming traffic and then only open what is required. In a freshly installed Proxmox cluster, the Datacenter-wide firewall option is disabled.
Note
CAUTION! Attention must be given to this section to prevent full cluster lock out.
Configuring the Datacenter firewall through the GUI
The following screenshot shows the firewall option for the Datacenter zone through the Options tab by navigating to Datacenter | Firewall | Options:
As we can see, in the preceding screenshot, the Proxmox firewall for the Datacenter zone is disabled by default, with Input Policy set to Drop and Output Policy set to Accept. If we did enable this firewall option right now, then all inbound access would be denied. You would...
