Viewing docs for Proxmox Virtual Environment (Proxmox VE) v8.1.0
published on Sunday, Apr 26, 2026 by Daniel Muehlbachler-Pietrzykowski
published on Sunday, Apr 26, 2026 by Daniel Muehlbachler-Pietrzykowski
Viewing docs for Proxmox Virtual Environment (Proxmox VE) v8.1.0
published on Sunday, Apr 26, 2026 by Daniel Muehlbachler-Pietrzykowski
published on Sunday, Apr 26, 2026 by Daniel Muehlbachler-Pietrzykowski
A security group is a collection of rules, defined at cluster level, which can be used in all VMs’ rules. For example, you can define a group named “webserver” with rules to open the http and https ports.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as proxmoxve from "@muhlba91/pulumi-proxmoxve";
const webserver = new proxmoxve.cluster.firewall.security.GroupLegacy("webserver", {
name: "webserver",
comment: "Managed by Pulumi",
rules: [
{
type: "in",
action: "ACCEPT",
comment: "Allow HTTP",
dest: "192.168.1.5",
dport: "80",
proto: "tcp",
log: "info",
},
{
type: "in",
action: "ACCEPT",
comment: "Allow HTTPS",
dest: "192.168.1.5",
dport: "443",
proto: "tcp",
log: "info",
},
],
});
import pulumi
import pulumi_proxmoxve as proxmoxve
webserver = proxmoxve.cluster.firewall.security.GroupLegacy("webserver",
name="webserver",
comment="Managed by Pulumi",
rules=[
{
"type": "in",
"action": "ACCEPT",
"comment": "Allow HTTP",
"dest": "192.168.1.5",
"dport": "80",
"proto": "tcp",
"log": "info",
},
{
"type": "in",
"action": "ACCEPT",
"comment": "Allow HTTPS",
"dest": "192.168.1.5",
"dport": "443",
"proto": "tcp",
"log": "info",
},
])
package main
import (
"github.com/muhlba91/pulumi-proxmoxve/sdk/v8/go/proxmoxve/cluster"
"github.com/muhlba91/pulumi-proxmoxve/sdk/v8/go/proxmoxve/cluster/firewall"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := firewall.NewGroupLegacy(ctx, "webserver", &firewall.GroupLegacyArgs{
Name: pulumi.String("webserver"),
Comment: pulumi.String("Managed by Pulumi"),
Rules: firewall / security.GroupLegacyRuleArray{
&firewall / security.GroupLegacyRuleArgs{
Type: pulumi.String("in"),
Action: pulumi.String("ACCEPT"),
Comment: pulumi.String("Allow HTTP"),
Dest: pulumi.String("192.168.1.5"),
Dport: pulumi.String("80"),
Proto: pulumi.String("tcp"),
Log: pulumi.String("info"),
},
&firewall / security.GroupLegacyRuleArgs{
Type: pulumi.String("in"),
Action: pulumi.String("ACCEPT"),
Comment: pulumi.String("Allow HTTPS"),
Dest: pulumi.String("192.168.1.5"),
Dport: pulumi.String("443"),
Proto: pulumi.String("tcp"),
Log: pulumi.String("info"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using ProxmoxVE = Pulumi.ProxmoxVE;
return await Deployment.RunAsync(() =>
{
var webserver = new ProxmoxVE.Cluster.Firewall.Security.GroupLegacy("webserver", new()
{
Name = "webserver",
Comment = "Managed by Pulumi",
Rules = new[]
{
new ProxmoxVE.Cluster.Firewall.Security.Inputs.GroupLegacyRuleArgs
{
Type = "in",
Action = "ACCEPT",
Comment = "Allow HTTP",
Dest = "192.168.1.5",
Dport = "80",
Proto = "tcp",
Log = "info",
},
new ProxmoxVE.Cluster.Firewall.Security.Inputs.GroupLegacyRuleArgs
{
Type = "in",
Action = "ACCEPT",
Comment = "Allow HTTPS",
Dest = "192.168.1.5",
Dport = "443",
Proto = "tcp",
Log = "info",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import io.muehlbachler.pulumi.proxmoxve.cluster.GroupLegacy;
import io.muehlbachler.pulumi.proxmoxve.cluster.GroupLegacyArgs;
import com.pulumi.proxmoxve.cluster.inputs.GroupLegacyRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var webserver = new GroupLegacy("webserver", GroupLegacyArgs.builder()
.name("webserver")
.comment("Managed by Pulumi")
.rules(
GroupLegacyRuleArgs.builder()
.type("in")
.action("ACCEPT")
.comment("Allow HTTP")
.dest("192.168.1.5")
.dport("80")
.proto("tcp")
.log("info")
.build(),
GroupLegacyRuleArgs.builder()
.type("in")
.action("ACCEPT")
.comment("Allow HTTPS")
.dest("192.168.1.5")
.dport("443")
.proto("tcp")
.log("info")
.build())
.build());
}
}
resources:
webserver:
type: proxmoxve:cluster/firewall/security:GroupLegacy
properties:
name: webserver
comment: Managed by Pulumi
rules:
- type: in
action: ACCEPT
comment: Allow HTTP
dest: 192.168.1.5
dport: '80'
proto: tcp
log: info
- type: in
action: ACCEPT
comment: Allow HTTPS
dest: 192.168.1.5
dport: '443'
proto: tcp
log: info
Create GroupLegacy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new GroupLegacy(name: string, args?: GroupLegacyArgs, opts?: CustomResourceOptions);@overload
def GroupLegacy(resource_name: str,
args: Optional[GroupLegacyArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def GroupLegacy(resource_name: str,
opts: Optional[ResourceOptions] = None,
comment: Optional[str] = None,
container_id: Optional[int] = None,
name: Optional[str] = None,
node_name: Optional[str] = None,
rules: Optional[Sequence[GroupLegacyRuleArgs]] = None,
vm_id: Optional[int] = None)func NewGroupLegacy(ctx *Context, name string, args *GroupLegacyArgs, opts ...ResourceOption) (*GroupLegacy, error)public GroupLegacy(string name, GroupLegacyArgs? args = null, CustomResourceOptions? opts = null)
public GroupLegacy(String name, GroupLegacyArgs args)
public GroupLegacy(String name, GroupLegacyArgs args, CustomResourceOptions options)
type: proxmoxve:cluster/firewall/security/groupLegacy:GroupLegacy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args GroupLegacyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args GroupLegacyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args GroupLegacyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args GroupLegacyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args GroupLegacyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
GroupLegacy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The GroupLegacy resource accepts the following input properties:
- Comment string
- Security group comment.
- Container
Id int - The ID of the container to manage the firewall for.
- Name string
- Security group name.
- Node
Name string - The name of the node.
- Rules
List<Pulumi.
Proxmox VE. Cluster. Firewall. Security. Inputs. Group Legacy Rule> - Firewall rule block (multiple blocks supported).
- Vm
Id int - The ID of the VM to manage the firewall for.
- Comment string
- Security group comment.
- Container
Id int - The ID of the container to manage the firewall for.
- Name string
- Security group name.
- Node
Name string - The name of the node.
- Rules
[]Group
Legacy Rule Args - Firewall rule block (multiple blocks supported).
- Vm
Id int - The ID of the VM to manage the firewall for.
- comment String
- Security group comment.
- container
Id Integer - The ID of the container to manage the firewall for.
- name String
- Security group name.
- node
Name String - The name of the node.
- rules
List<Group
Legacy Rule> - Firewall rule block (multiple blocks supported).
- vm
Id Integer - The ID of the VM to manage the firewall for.
- comment string
- Security group comment.
- container
Id number - The ID of the container to manage the firewall for.
- name string
- Security group name.
- node
Name string - The name of the node.
- rules
Group
Legacy Rule[] - Firewall rule block (multiple blocks supported).
- vm
Id number - The ID of the VM to manage the firewall for.
- comment str
- Security group comment.
- container_
id int - The ID of the container to manage the firewall for.
- name str
- Security group name.
- node_
name str - The name of the node.
- rules
Sequence[Group
Legacy Rule Args] - Firewall rule block (multiple blocks supported).
- vm_
id int - The ID of the VM to manage the firewall for.
- comment String
- Security group comment.
- container
Id Number - The ID of the container to manage the firewall for.
- name String
- Security group name.
- node
Name String - The name of the node.
- rules List<Property Map>
- Firewall rule block (multiple blocks supported).
- vm
Id Number - The ID of the VM to manage the firewall for.
Outputs
All input properties are implicitly available as output properties. Additionally, the GroupLegacy resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing GroupLegacy Resource
Get an existing GroupLegacy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: GroupLegacyState, opts?: CustomResourceOptions): GroupLegacy@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
comment: Optional[str] = None,
container_id: Optional[int] = None,
name: Optional[str] = None,
node_name: Optional[str] = None,
rules: Optional[Sequence[GroupLegacyRuleArgs]] = None,
vm_id: Optional[int] = None) -> GroupLegacyfunc GetGroupLegacy(ctx *Context, name string, id IDInput, state *GroupLegacyState, opts ...ResourceOption) (*GroupLegacy, error)public static GroupLegacy Get(string name, Input<string> id, GroupLegacyState? state, CustomResourceOptions? opts = null)public static GroupLegacy get(String name, Output<String> id, GroupLegacyState state, CustomResourceOptions options)resources: _: type: proxmoxve:cluster/firewall/security/groupLegacy:GroupLegacy get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Comment string
- Security group comment.
- Container
Id int - The ID of the container to manage the firewall for.
- Name string
- Security group name.
- Node
Name string - The name of the node.
- Rules
List<Pulumi.
Proxmox VE. Cluster. Firewall. Security. Inputs. Group Legacy Rule> - Firewall rule block (multiple blocks supported).
- Vm
Id int - The ID of the VM to manage the firewall for.
- Comment string
- Security group comment.
- Container
Id int - The ID of the container to manage the firewall for.
- Name string
- Security group name.
- Node
Name string - The name of the node.
- Rules
[]Group
Legacy Rule Args - Firewall rule block (multiple blocks supported).
- Vm
Id int - The ID of the VM to manage the firewall for.
- comment String
- Security group comment.
- container
Id Integer - The ID of the container to manage the firewall for.
- name String
- Security group name.
- node
Name String - The name of the node.
- rules
List<Group
Legacy Rule> - Firewall rule block (multiple blocks supported).
- vm
Id Integer - The ID of the VM to manage the firewall for.
- comment string
- Security group comment.
- container
Id number - The ID of the container to manage the firewall for.
- name string
- Security group name.
- node
Name string - The name of the node.
- rules
Group
Legacy Rule[] - Firewall rule block (multiple blocks supported).
- vm
Id number - The ID of the VM to manage the firewall for.
- comment str
- Security group comment.
- container_
id int - The ID of the container to manage the firewall for.
- name str
- Security group name.
- node_
name str - The name of the node.
- rules
Sequence[Group
Legacy Rule Args] - Firewall rule block (multiple blocks supported).
- vm_
id int - The ID of the VM to manage the firewall for.
- comment String
- Security group comment.
- container
Id Number - The ID of the container to manage the firewall for.
- name String
- Security group name.
- node
Name String - The name of the node.
- rules List<Property Map>
- Firewall rule block (multiple blocks supported).
- vm
Id Number - The ID of the VM to manage the firewall for.
Supporting Types
GroupLegacyRule, GroupLegacyRuleArgs
- Action string
- Rule action (
ACCEPT,DROP,REJECT). - Comment string
- Rule comment.
- Dest string
- Restrict packet destination address. This can refer to
a single IP address, an IP set ('+ipsetname') or an IP alias
definition. You can also specify an address range like
20.34.101.207-201.3.9.99, or a list of IP addresses and networks (entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists. - Dport string
- Restrict TCP/UDP destination port. You can use
service names or simple numbers (0-65535), as defined in '/etc/
services'. Port ranges can be specified with '\d+:\d+', for example
80:85, and you can use comma separated list to match several ports or ranges. - Enabled bool
- Enable this rule. Defaults to
true. - Iface string
- Network interface name. You have to use network configuration key names for VMs and containers ('net\d+'). Host related rules can use arbitrary strings.
- Log string
- Log level for this rule (
emerg,alert,crit,err,warning,notice,info,debug,nolog). - Macro string
- Macro name. Use predefined standard macro from https://pve.proxmox.com/pve-docs/pve-admin-guide.html#_firewall_macro_definitions
- Pos int
- Position of the rule in the list.
- Proto string
- Restrict packet protocol. You can use protocol names as defined in '/etc/protocols'.
- Security
Group string - Security group name
- Source string
- Restrict packet source address. This can refer
to a single IP address, an IP set ('+ipsetname') or an IP alias
definition. You can also specify an address range like
20.34.101.207-201.3.9.99, or a list of IP addresses and networks ( entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists. - Sport string
- Restrict TCP/UDP source port. You can use
service names or simple numbers (0-65535), as defined in '/etc/
services'. Port ranges can be specified with '\d+:\d+', for example
80:85, and you can use comma separated list to match several ports or ranges. - Type string
- Rule type (
in,out,forward).
- Action string
- Rule action (
ACCEPT,DROP,REJECT). - Comment string
- Rule comment.
- Dest string
- Restrict packet destination address. This can refer to
a single IP address, an IP set ('+ipsetname') or an IP alias
definition. You can also specify an address range like
20.34.101.207-201.3.9.99, or a list of IP addresses and networks (entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists. - Dport string
- Restrict TCP/UDP destination port. You can use
service names or simple numbers (0-65535), as defined in '/etc/
services'. Port ranges can be specified with '\d+:\d+', for example
80:85, and you can use comma separated list to match several ports or ranges. - Enabled bool
- Enable this rule. Defaults to
true. - Iface string
- Network interface name. You have to use network configuration key names for VMs and containers ('net\d+'). Host related rules can use arbitrary strings.
- Log string
- Log level for this rule (
emerg,alert,crit,err,warning,notice,info,debug,nolog). - Macro string
- Macro name. Use predefined standard macro from https://pve.proxmox.com/pve-docs/pve-admin-guide.html#_firewall_macro_definitions
- Pos int
- Position of the rule in the list.
- Proto string
- Restrict packet protocol. You can use protocol names as defined in '/etc/protocols'.
- Security
Group string - Security group name
- Source string
- Restrict packet source address. This can refer
to a single IP address, an IP set ('+ipsetname') or an IP alias
definition. You can also specify an address range like
20.34.101.207-201.3.9.99, or a list of IP addresses and networks ( entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists. - Sport string
- Restrict TCP/UDP source port. You can use
service names or simple numbers (0-65535), as defined in '/etc/
services'. Port ranges can be specified with '\d+:\d+', for example
80:85, and you can use comma separated list to match several ports or ranges. - Type string
- Rule type (
in,out,forward).
- action String
- Rule action (
ACCEPT,DROP,REJECT). - comment String
- Rule comment.
- dest String
- Restrict packet destination address. This can refer to
a single IP address, an IP set ('+ipsetname') or an IP alias
definition. You can also specify an address range like
20.34.101.207-201.3.9.99, or a list of IP addresses and networks (entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists. - dport String
- Restrict TCP/UDP destination port. You can use
service names or simple numbers (0-65535), as defined in '/etc/
services'. Port ranges can be specified with '\d+:\d+', for example
80:85, and you can use comma separated list to match several ports or ranges. - enabled Boolean
- Enable this rule. Defaults to
true. - iface String
- Network interface name. You have to use network configuration key names for VMs and containers ('net\d+'). Host related rules can use arbitrary strings.
- log String
- Log level for this rule (
emerg,alert,crit,err,warning,notice,info,debug,nolog). - macro String
- Macro name. Use predefined standard macro from https://pve.proxmox.com/pve-docs/pve-admin-guide.html#_firewall_macro_definitions
- pos Integer
- Position of the rule in the list.
- proto String
- Restrict packet protocol. You can use protocol names as defined in '/etc/protocols'.
- security
Group String - Security group name
- source String
- Restrict packet source address. This can refer
to a single IP address, an IP set ('+ipsetname') or an IP alias
definition. You can also specify an address range like
20.34.101.207-201.3.9.99, or a list of IP addresses and networks ( entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists. - sport String
- Restrict TCP/UDP source port. You can use
service names or simple numbers (0-65535), as defined in '/etc/
services'. Port ranges can be specified with '\d+:\d+', for example
80:85, and you can use comma separated list to match several ports or ranges. - type String
- Rule type (
in,out,forward).
- action string
- Rule action (
ACCEPT,DROP,REJECT). - comment string
- Rule comment.
- dest string
- Restrict packet destination address. This can refer to
a single IP address, an IP set ('+ipsetname') or an IP alias
definition. You can also specify an address range like
20.34.101.207-201.3.9.99, or a list of IP addresses and networks (entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists. - dport string
- Restrict TCP/UDP destination port. You can use
service names or simple numbers (0-65535), as defined in '/etc/
services'. Port ranges can be specified with '\d+:\d+', for example
80:85, and you can use comma separated list to match several ports or ranges. - enabled boolean
- Enable this rule. Defaults to
true. - iface string
- Network interface name. You have to use network configuration key names for VMs and containers ('net\d+'). Host related rules can use arbitrary strings.
- log string
- Log level for this rule (
emerg,alert,crit,err,warning,notice,info,debug,nolog). - macro string
- Macro name. Use predefined standard macro from https://pve.proxmox.com/pve-docs/pve-admin-guide.html#_firewall_macro_definitions
- pos number
- Position of the rule in the list.
- proto string
- Restrict packet protocol. You can use protocol names as defined in '/etc/protocols'.
- security
Group string - Security group name
- source string
- Restrict packet source address. This can refer
to a single IP address, an IP set ('+ipsetname') or an IP alias
definition. You can also specify an address range like
20.34.101.207-201.3.9.99, or a list of IP addresses and networks ( entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists. - sport string
- Restrict TCP/UDP source port. You can use
service names or simple numbers (0-65535), as defined in '/etc/
services'. Port ranges can be specified with '\d+:\d+', for example
80:85, and you can use comma separated list to match several ports or ranges. - type string
- Rule type (
in,out,forward).
- action str
- Rule action (
ACCEPT,DROP,REJECT). - comment str
- Rule comment.
- dest str
- Restrict packet destination address. This can refer to
a single IP address, an IP set ('+ipsetname') or an IP alias
definition. You can also specify an address range like
20.34.101.207-201.3.9.99, or a list of IP addresses and networks (entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists. - dport str
- Restrict TCP/UDP destination port. You can use
service names or simple numbers (0-65535), as defined in '/etc/
services'. Port ranges can be specified with '\d+:\d+', for example
80:85, and you can use comma separated list to match several ports or ranges. - enabled bool
- Enable this rule. Defaults to
true. - iface str
- Network interface name. You have to use network configuration key names for VMs and containers ('net\d+'). Host related rules can use arbitrary strings.
- log str
- Log level for this rule (
emerg,alert,crit,err,warning,notice,info,debug,nolog). - macro str
- Macro name. Use predefined standard macro from https://pve.proxmox.com/pve-docs/pve-admin-guide.html#_firewall_macro_definitions
- pos int
- Position of the rule in the list.
- proto str
- Restrict packet protocol. You can use protocol names as defined in '/etc/protocols'.
- security_
group str - Security group name
- source str
- Restrict packet source address. This can refer
to a single IP address, an IP set ('+ipsetname') or an IP alias
definition. You can also specify an address range like
20.34.101.207-201.3.9.99, or a list of IP addresses and networks ( entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists. - sport str
- Restrict TCP/UDP source port. You can use
service names or simple numbers (0-65535), as defined in '/etc/
services'. Port ranges can be specified with '\d+:\d+', for example
80:85, and you can use comma separated list to match several ports or ranges. - type str
- Rule type (
in,out,forward).
- action String
- Rule action (
ACCEPT,DROP,REJECT). - comment String
- Rule comment.
- dest String
- Restrict packet destination address. This can refer to
a single IP address, an IP set ('+ipsetname') or an IP alias
definition. You can also specify an address range like
20.34.101.207-201.3.9.99, or a list of IP addresses and networks (entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists. - dport String
- Restrict TCP/UDP destination port. You can use
service names or simple numbers (0-65535), as defined in '/etc/
services'. Port ranges can be specified with '\d+:\d+', for example
80:85, and you can use comma separated list to match several ports or ranges. - enabled Boolean
- Enable this rule. Defaults to
true. - iface String
- Network interface name. You have to use network configuration key names for VMs and containers ('net\d+'). Host related rules can use arbitrary strings.
- log String
- Log level for this rule (
emerg,alert,crit,err,warning,notice,info,debug,nolog). - macro String
- Macro name. Use predefined standard macro from https://pve.proxmox.com/pve-docs/pve-admin-guide.html#_firewall_macro_definitions
- pos Number
- Position of the rule in the list.
- proto String
- Restrict packet protocol. You can use protocol names as defined in '/etc/protocols'.
- security
Group String - Security group name
- source String
- Restrict packet source address. This can refer
to a single IP address, an IP set ('+ipsetname') or an IP alias
definition. You can also specify an address range like
20.34.101.207-201.3.9.99, or a list of IP addresses and networks ( entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists. - sport String
- Restrict TCP/UDP source port. You can use
service names or simple numbers (0-65535), as defined in '/etc/
services'. Port ranges can be specified with '\d+:\d+', for example
80:85, and you can use comma separated list to match several ports or ranges. - type String
- Rule type (
in,out,forward).
Import
Instances can be imported using the name, e.g.,
$ pulumi import proxmoxve:cluster/firewall/security/groupLegacy:GroupLegacy webserver webserver
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- proxmoxve muhlba91/pulumi-proxmoxve
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
proxmoxTerraform Provider.
Viewing docs for Proxmox Virtual Environment (Proxmox VE) v8.1.0
published on Sunday, Apr 26, 2026 by Daniel Muehlbachler-Pietrzykowski
published on Sunday, Apr 26, 2026 by Daniel Muehlbachler-Pietrzykowski
