This is an example of enabling and configuring the firewall in Proxmox. By default the firewall is disabled and several ports are reachable, for example SSH, 111, 3128 and 8006.
You can check which ports are open by running the following command from another server (where 192.168.7.7 is the Proxmox server):
nmap 192.168.7.7
Let’s start adding rules through the Proxmox web panel: open “Datacenter” – “Firewall” and click the “Add” button. The principle is the same as in any other firewall: block all incoming connections by default and add only the allow rules you need.
First, create a rule that opens the SSH port for everyone. Change the SSH port to a non-standard one in advance; otherwise the standard 22/tcp will constantly be attacked by viruses and bots:
Direction: in
Action: ACCEPT
Enable: x
Protocol: tcp
Destination port: 2222
Then we’ll add a rule that will allow access to the Proxmox web interface on port 8006 only for your IP address:
Direction: in
Action: ACCEPT
Source: your IP
Enable: x
Protocol: tcp
Destination port: 8006
If you have many trusted IP addresses, you can add them to an IPSet and then specify that IPSet as the source in the rule.
Now you can activate the firewall. Open “Datacenter” – “Firewall” – “Settings”, select “Firewall – No”, click “Edit” and change it to “Yes”; this enables the firewall. Because the default policy for incoming traffic is “DROP”, all incoming traffic to the Proxmox server will be blocked except traffic that matches the rules you added earlier.
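To confirm the result, repeat the nmap check from the beginning after enabling the firewall. The script below is an added example, not part of the original article: it reads nmap's grepable output (-oG) and lists every open TCP port outside the set the rules are meant to expose. The function name unexpected_open and the sample scan lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original article): compare nmap grepable
# output (-oG) with the ports the firewall rules are meant to expose.

# unexpected_open "ALLOWED PORTS" < nmap-grepable-output
# Prints each open TCP port that is not in the space-separated allow-list.
unexpected_open() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /Ports: / {
            sub(/.*Ports: /, "")                # drop the "Host: ..." prefix
            sub(/[ \t]*Ignored State.*/, "")    # drop the trailing summary
            m = split($0, entry, /, */)
            for (i = 1; i <= m; i++) {
                split(entry[i], f, "/")         # port/state/proto/owner/service/...
                if (f[2] == "open" && f[3] == "tcp" && !(f[1] in ok)) print f[1]
            }
        }'
}

# Constructed sample scans of 192.168.7.7 from a host that is NOT the trusted IP.
# Service names are illustrative.
BEFORE=$(printf 'Host: 192.168.7.7 ()\tPorts: 22/open/tcp//ssh///, 111/open/tcp//rpcbind///, 3128/open/tcp//squid-http///, 8006/open/tcp//unknown///\tIgnored State: closed (996)')
AFTER=$(printf 'Host: 192.168.7.7 ()\tPorts: 2222/open/tcp//unknown///, 8006/filtered/tcp//unknown///\tIgnored State: filtered (998)')
# Same as AFTER, but the 8006 rule was saved without a Source restriction.
NOSOURCE=$(printf 'Host: 192.168.7.7 ()\tPorts: 2222/open/tcp//unknown///, 8006/open/tcp//unknown///\tIgnored State: filtered (998)')

# From an untrusted host only the SSH port (2222) should answer.
for scan in "$BEFORE" "$AFTER" "$NOSOURCE"; do
    bad=$(printf '%s\n' "$scan" | unexpected_open "2222" | tr '\n' ' ')
    echo "unexpected open ports: ${bad:-none}"
done

# Live use: nmap -oG - 192.168.7.7 | unexpected_open "2222"
```

Run the live check from a host that is not in the trusted source list; from the trusted IP, pass "2222 8006" as the allow-list instead.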