
Resource: proxmox_node_firewall

Manages Proxmox VE Node Firewall options.

Warning

This resource does not create a new object: it updates the node firewall configuration that PVE itself creates when the node is bootstrapped. All optional attributes have explicit defaults so that plans are deterministic (PVE may change its own defaults in the future). See the API documentation.

Schema

Required

Optional

  • enabled (Boolean) Enable host firewall rules (defaults to true). Note that PVE only evaluates host rules when the firewall is also enabled at the datacenter (cluster) level; this attribute alone does not turn filtering on.
  • log_level_forward (String) Log level for forwarded traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
  • log_level_in (String) Log level for incoming traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
  • log_level_out (String) Log level for outgoing traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
  • ndp (Boolean) Enable NDP - Neighbor Discovery Protocol (defaults to true).
  • nf_conntrack_max (Number) Maximum number of tracked connections (defaults to 262144). Minimum value is 32768. When the table is full the kernel drops new connections, so size it for the number of guests and flows on the host.
  • nf_conntrack_tcp_timeout_established (Number) Conntrack timeout for established TCP connections, in seconds (defaults to 432000, i.e. 5 days). Minimum value is 7875.
  • nftables (Boolean) Enable nftables based firewall (tech preview, defaults to false).
  • nosmurfs (Boolean) Enable SMURFS filter (defaults to true).
  • smurf_log_level (String) Log level for SMURFS filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
  • tcp_flags_log_level (String) Log level for the illegal TCP flags filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
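The following is an added example of this resource with the schema attributes listed above set to hardened values; it is not taken from the provider's own documentation. It uses only attribute names from the schema on this page. The resource label `pve01` is arbitrary, and because this page lists no required attributes, the attribute that selects the target node is not shown; if your provider version takes one, add it.

```hcl
# Added example, not part of the provider documentation. Every attribute
# below appears in the schema above; the values are deliberate choices,
# not the defaults. Assumption: the node-selecting attribute (not shown on
# this page) is added as required by the provider version in use.
resource "proxmox_node_firewall" "pve01" {
  enabled = true

  # The default for all three log levels is "nolog", which leaves the host
  # firewall silent about what it drops. Log inbound and forwarded drops;
  # outbound logging is usually too noisy on a hypervisor.
  log_level_in      = "info"
  log_level_forward = "warning"
  log_level_out     = "nolog"

  # IPv6 neighbour discovery must stay allowed on hosts with IPv6 uplinks.
  ndp = true

  # Conntrack sizing: a busy host with many guests can exhaust the default
  # 262144 entries, after which the kernel drops new connections and logs
  # "nf_conntrack: table full, dropping packet". Raise the ceiling and
  # shorten the established timeout so idle flows age out sooner.
  nf_conntrack_max                     = 524288 # must be >= 32768
  nf_conntrack_tcp_timeout_established = 86400  # 1 day; must be >= 7875

  # Keep the iptables backend; nftables is a tech preview per the schema.
  nftables = false

  # Drop broadcast-addressed ICMP (smurf) traffic and log it, and log hits on
  # the illegal TCP flags filter so scans show up in the host log.
  nosmurfs            = true
  smurf_log_level     = "warning"
  tcp_flags_log_level = "warning"
}
```

After `terraform apply`, confirm the options landed on the node with `pvesh get /nodes/<node>/firewall/options` or by reading `/etc/pve/nodes/<node>/host.fw`; if `terraform plan` keeps showing a diff for an attribute, the node's PVE version may be normalizing the value, which is the situation the explicit defaults in this resource are meant to expose rather than hide.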

Read-Only

  • id (String) The unique identifier of this resource.