🛡️ Proxmox Full Firewall Auto-Setup Script
This Bash script configures the Proxmox firewall on all levels:
- Datacenter: Enables firewall and sets default rules
- Node: Applies secure access rules to the current node
- VM: Applies firewall to a specific VM (if exists)
📌 Default Configuration
- Trusted IP:
192.0.2.100 - Ports Allowed: SSH (22), Web UI (8006), HTTP (80), HTTPS (443)
- VM ID:
101(you can change it)
📜 Script Content
#!/bin/bash
# Proxmox Firewall Auto-Setup Script (Node + Datacenter + VM)
# Author: almAram
# --- Configuration ---
TRUSTED_IP="192.0.2.100"
VMID="101"
NODE_NAME=$(hostname)
DATACENTER_CFG="/etc/pve/datacenter.cfg"
NODE_FW="/etc/pve/nodes/$NODE_NAME/host.fw"
DC_FW="/etc/pve/firewall.datacenter"
VM_FW="/etc/pve/qemu-server/$VMID.fw"
# ----------------------
echo "🔰 Starting Proxmox Firewall Setup..."
# Enable firewall at datacenter level
if ! grep -q "firewall: 1" "$DATACENTER_CFG" 2>/dev/null; then
echo "Enabling firewall in datacenter.cfg"
echo "firewall: 1" >> "$DATACENTER_CFG"
fi
# Write datacenter firewall rules
echo "Writing datacenter rules..."
cat > "$DC_FW" < "$NODE_FW" < "$VM_FW" <🚀 How to Use
- Save the script as
setup_proxmox_firewall.sh - Make it executable:
chmod +x setup_proxmox_firewall.sh - Run it:
./setup_proxmox_firewall.sh - Verify access before closing SSH session.
Important: Change
TRUSTED_IP to your real IP address to avoid losing access!✅ You now have firewall protection enabled at:
- Datacenter Level
- Node Level (host.fw)
- VM Level (if VM ID exists)
Test your SSH and Web UI before applying to production environments.
