Resource: proxmox_virtual_environment_node_firewall

Warning

Deprecated: Use proxmox_node_firewall instead. This resource will be removed in v1.0.

Manages Proxmox VE Node Firewall options.

Warning

This resource does not create a new object: it updates the existing node firewall configuration that PVE creates on bootstrap. All optional attributes have explicit defaults for deterministic behavior (PVE may change defaults in the future). See API documentation.

Example Usage

resource "proxmox_virtual_environment_node_firewall" "node-pve1" {
  node_name = "pve1"
  enabled   = false
}

resource "proxmox_virtual_environment_node_firewall" "pve2" {
  node_name           = "pve2"
  enabled             = true
  log_level_in        = "alert"
  log_level_out       = "alert"
  log_level_forward   = "alert"
  ndp                 = true
  nftables            = true
  nosmurfs            = true
  smurf_log_level     = "alert"
  tcp_flags_log_level = "alert"
}

Schema

Required

  • node_name (String) Name of the node.

Optional

  • enabled (Boolean) Enable host firewall rules (defaults to true).
  • log_level_forward (String) Log level for forwarded traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
  • log_level_in (String) Log level for incoming traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
  • log_level_out (String) Log level for outgoing traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
  • ndp (Boolean) Enable NDP - Neighbor Discovery Protocol (defaults to true).
  • nf_conntrack_max (Number) Maximum number of tracked connections (defaults to 262144). Minimum value is 32768.
  • nf_conntrack_tcp_timeout_established (Number) Conntrack established timeout in seconds (defaults to 432000 - 5 days). Minimum value is 7875.
  • nftables (Boolean) Enable nftables based firewall (tech preview, defaults to false).
  • nosmurfs (Boolean) Enable SMURFS filter (defaults to true).
  • smurf_log_level (String) Log level for SMURFS filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
  • tcp_flags_log_level (String) Log level for illegal tcp flags filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
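
The following is an added example, not part of the provider's own documentation. It manages several nodes from one map and checks the documented log levels and conntrack minimums at plan time, so an out-of-range value fails before it reaches the PVE API. The variable name `node_firewalls`, its fields, the resource label `this` and the sample values are assumptions; `optional()` with defaults assumes Terraform 1.3 or later.

```hcl
# Added example. Variable and field names are hypothetical; attribute names,
# allowed log levels and minimum values are the ones documented on this page.
variable "node_firewalls" {
  description = "Per-node firewall options, keyed by node name."
  type = map(object({
    log_level           = optional(string, "info")
    nf_conntrack_max    = optional(number, 262144)
    established_timeout = optional(number, 432000)
  }))

  # Constructed sample values.
  default = {
    pve1 = {}
    pve2 = { log_level = "warning", nf_conntrack_max = 524288 }
  }

  validation {
    condition = alltrue([
      for fw in values(var.node_firewalls) : contains(
        ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug", "nolog"],
        fw.log_level
      )
    ])
    error_message = "log_level must be one of the levels listed in the schema."
  }

  validation {
    condition = alltrue([
      for fw in values(var.node_firewalls) :
      fw.nf_conntrack_max >= 32768 && fw.established_timeout >= 7875
    ])
    error_message = "nf_conntrack_max must be >= 32768 and established_timeout >= 7875."
  }
}

resource "proxmox_virtual_environment_node_firewall" "this" {
  for_each = var.node_firewalls

  node_name                            = each.key
  enabled                              = true
  log_level_in                         = each.value.log_level
  log_level_out                        = each.value.log_level
  log_level_forward                    = each.value.log_level
  smurf_log_level                      = each.value.log_level
  tcp_flags_log_level                  = each.value.log_level
  nf_conntrack_max                     = each.value.nf_conntrack_max
  nf_conntrack_tcp_timeout_established = each.value.established_timeout
}
```

Setting every log level explicitly replaces the `nolog` defaults, so dropped traffic, SMURFS filter hits and illegal TCP flag matches are recorded on each node.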

Read-Only

  • id (String) The unique identifier of this resource.

Import

Import is supported using the following syntax:

terraform import proxmox_virtual_environment_node_firewall.node-pve1 pve1