I will give an example of restricting access to the Proxmox web interface on port 8006.
To do this, create a pveproxy configuration file:
nano /etc/default/pveproxy
And add the contents to it (separated by commas, we list the trusted IP addresses from which you are allowed to open the Proxmox web interface):
ALLOW_FROM="127.0.0.1,192.168.5.5"
DENY_FROM="all"
POLICY="allow"
To exit the nano text editor, use the “Ctrl+X” and “y” keys to save changes.
Restart pveproxy to apply the changes:
service pveproxy restart
I would like to note that access will be limited only to the Proxmox web interface, and all other ports will remain open, for example by default: SSH, 111, 3128. You can check which ports are open by running the command on another server (where 192.168.7.7 is the Proxmox server):
nmap 192.168.7.7
See also my articles: