Introduction
The firewall feature in Proxmox VE provides an excellent means of strengthening security within a virtual environment. The Proxmox firewall is built on netfilter, a well-established Linux technology. Netfilter is a packet filtering framework in which network data packets are allowed or denied based on a set of defined rules. All the rules are defined as table structures in iptables.
Note
To learn more about netfilter, visit http://www.netfilter.org/.
The firewall feature in Proxmox is also a stateful firewall. A stateful firewall is not just a data packet filter; it also keeps track of the state of active network connections, such as those using the TCP or UDP protocols. This is also known as dynamic packet filtering: it matches firewall rules against the nature of active connections, which provides better protection than simply filtering packets.
Note
For information on stateful firewalls, visit https://en.wikipedia.org/wiki/Stateful_firewall.
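To make the difference between plain packet filtering and stateful filtering concrete, here is an added example (a toy model written for this page, not netfilter or Proxmox code). It assumes a simplified flow table keyed on protocol, addresses and ports; the addresses and all names in it are constructed.

```python
# Added illustration: a toy model of connection tracking, not netfilter code.
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    direction: str  # "out" = leaving the guest, "in" = arriving at it

def stateless_filter(pkt: Packet) -> bool:
    """Static rules: allow all outbound, and allow inbound TCP from source
    port 443 so that HTTPS replies can get back to the guest."""
    if pkt.direction == "out":
        return True
    return pkt.proto == "tcp" and pkt.sport == 443

class StatefulFilter:
    """Allow all outbound and remember each flow; allow an inbound packet
    only when it is the reverse of a flow the guest already opened."""
    def __init__(self) -> None:
        self.tracked = set()

    def accept(self, pkt: Packet) -> bool:
        if pkt.direction == "out":
            self.tracked.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Swap the endpoints to look up the flow this packet would answer.
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return reverse in self.tracked

# Constructed sample traffic (documentation address ranges).
GUEST = "10.0.0.5"
TRAFFIC = [
    Packet(GUEST, 40000, "203.0.113.10", 443, "tcp", "out"),  # guest opens HTTPS
    Packet("203.0.113.10", 443, GUEST, 40000, "tcp", "in"),   # reply to that flow
    Packet("198.51.100.7", 443, GUEST, 22, "tcp", "in"),      # unsolicited packet
]

def compare(traffic):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFilter()
    return [(stateless_filter(p), fw.accept(p)) for p in traffic]

if __name__ == "__main__":
    for pkt, (static, stateful) in zip(TRAFFIC, compare(TRAFFIC)):
        print(pkt, "stateless:", static, "stateful:", stateful)
```

The third packet passes the static rule because it only looks at the source port, while the stateful filter drops it because no tracked connection matches. Real connection tracking also follows TCP handshake state and expires idle entries, which this model leaves out.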
The Proxmox firewall operates in a distributed...