Configuring the data center-specific firewall
As mentioned earlier, data center-specific firewall rules affect all resources, such as clusters, nodes, and virtual machines. Any rules created in this zone are cascaded to both hosts and VMs. This zone is also used to fully lock down a cluster to drop all incoming traffic and then only open what is required. In a freshly installed Proxmox cluster, the data center-wide firewall option is disabled.
Note
CAUTION!Â
Extra attention should always be used when creating data center-specific firewall rules to prevent full cluster lockout.
Configuring the Datacenter firewall through the GUI
The following screenshot shows the Firewall option for the Datacenter zone through the Options tab by navigating to Datacenter | Firewall | Options:
As we can see in the preceding screenshot, by default the Proxmox firewall for the Datacenter zone is disabled with Input Policy set to DROP and Output Policy set to ACCEPT. If we did enable this firewall option right now...
