This is a fantastic channel! Pure, useful info! I was just wandering around the forums trying to figure this out for myself (e.g. don't want VMs to be able to just reach out to the proxmox nodes' web interfaces themselves!), so I'm so glad I stumbled upon this!

This is actually so useful. Just discovered your channel. You are a beast

I set output policy to drop everywhere, then defined 1st rule accept with destination gateway, 2nd rule drop with destination ALL local IPV4 addresses, third accept out anywhere else

Very cool. I was wondering about this. I had them turned off, but you showed how to implement correctly. Thanks!

Thanks for sharing. A nice and clean video with a lot of useful information to me

It's a good idea to block all traffic except that directed to gateway

Love your videos. Thank you for sharing your knowledge :) Hugs from Portugal!

This is a great video. I am a very big fan of IPTABLES. Behind the scene it is the IPtables at work. This gives a very eassy way to write the rules. It would be good to see if we write the Iptables rules in the proxmos shell, will it refelect in the proxmos gui. Proxmos is really good. I remember in the late 90s we have this Webadmin for linux which is gui based configuration and now I see proxmox like that tool with hypervisor capability. Thanks again MRP. This is a great video.

Great video!! As a complement to this one can you please make one for setting up vlan? Thanks

Great video, thank you very much. However, what I don't understand is that when I run the command 'nmap -sn' in the 'vm', it can still see the other devices on my local network. Does anyone know why?

Great video, thanks

I don't get why out rules towards the internet are needed when the default policy for output was already ACCEPT under Datacenter, and also the individual LXC. Shouldn't it be turned to DROP for output rules to become necessary, otherwise everything out is accepted?

Hello Sir! May I ask you a question? Which rule do I have to add to the firewall to reject all traffic and connections to ipv6 adresses? When I activate the "Localnet" profile it blocks all IPV4 only.

What would be the best way to run a firewall? Local router -> Proxmox -> PFsense ( manage all interfaces from Promox ) or PFSense -> Proxmox ?

This is actually so useful. Thanks!

thx

Thank you. Great video and tutorial.

Can this be used for public facing server VMs to prevent access to the rest of the network in the event the server is compromised?

Hi MRP We are running 4 node ceph cluster with PBS on another bare metal. We have configured simple zone in SDN as well. You explained the FW well. Thank you for your efforts. please shoot some videos on FW security groups and SDN with simple and vlan zones.

Thanks.