Manages Proxmox VE Node Firewall options.
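This resource does not create a new object: it updates the node firewall configuration that PVE creates when the node is bootstrapped. All optional attributes have explicit defaults for deterministic behavior (PVE may change its own defaults in the future), so an attribute you leave unset is managed at the default listed under Inputs rather than at whatever value the node currently has. See API documentation.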
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as proxmoxve from "@muhlba91/pulumi-proxmoxve";
// Log level shared by every logging attribute set on pve2 below.
// Each of these attributes defaults to "nolog" when omitted.
const alertLevel = "alert";

// pve1: host firewall rules are switched off. `enabled` defaults to true when
// omitted, so this is an explicit opt-out for that node, not the baseline.
const pve1Firewall = new proxmoxve.node.Firewall("node-pve1", {
    enabled: false,
    nodeName: "pve1",
});

// pve2: host firewall rules on, with logging turned on for all three traffic
// directions and for the SMURFS and illegal-TCP-flags filters.
// NOTE(review): in Proxmox VE the host firewall only filters traffic when the
// datacenter-level firewall is enabled as well; confirm the cluster options.
const pve2Firewall = new proxmoxve.node.Firewall("pve2", {
    nodeName: "pve2",
    enabled: true,
    ndp: true,
    nosmurfs: true,
    // Listed as "tech preview" in the property reference (default false).
    nftables: true,
    logLevelIn: alertLevel,
    logLevelOut: alertLevel,
    logLevelForward: alertLevel,
    smurfLogLevel: alertLevel,
    tcpFlagsLogLevel: alertLevel,
});
import pulumi
import pulumi_proxmoxve as proxmoxve
# Log level shared by every logging attribute set on pve2 below.
# Each of these attributes defaults to "nolog" when omitted.
alert_level = "alert"

# pve1: host firewall rules are switched off. `enabled` defaults to True when
# omitted, so this is an explicit opt-out for that node, not the baseline.
pve1_firewall = proxmoxve.node.Firewall(
    "node-pve1",
    enabled=False,
    node_name="pve1",
)

# pve2: host firewall rules on, with logging turned on for all three traffic
# directions and for the SMURFS and illegal-TCP-flags filters.
# NOTE(review): in Proxmox VE the host firewall only filters traffic when the
# datacenter-level firewall is enabled as well; confirm the cluster options.
pve2_firewall = proxmoxve.node.Firewall(
    "pve2",
    node_name="pve2",
    enabled=True,
    ndp=True,
    nosmurfs=True,
    # Listed as "tech preview" in the property reference (default False).
    nftables=True,
    log_level_in=alert_level,
    log_level_out=alert_level,
    log_level_forward=alert_level,
    smurf_log_level=alert_level,
    tcp_flags_log_level=alert_level,
)
package main
import (
"github.com/muhlba91/pulumi-proxmoxve/sdk/v7/go/proxmoxve/node"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares the node firewall options for two cluster nodes.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// pve1: host firewall rules are switched off. Enabled defaults to true
		// when omitted, so this is an explicit opt-out for that node.
		pve1Args := &node.FirewallArgs{
			Enabled:  pulumi.Bool(false),
			NodeName: pulumi.String("pve1"),
		}
		if _, err := node.NewFirewall(ctx, "node-pve1", pve1Args); err != nil {
			return err
		}

		// Log level shared by every logging attribute on pve2; each of them
		// defaults to "nolog" when omitted.
		alertLevel := pulumi.String("alert")

		// pve2: host firewall rules on, logging enabled for all three traffic
		// directions and for the SMURFS and illegal-TCP-flags filters.
		pve2Args := &node.FirewallArgs{
			NodeName: pulumi.String("pve2"),
			Enabled:  pulumi.Bool(true),
			Ndp:      pulumi.Bool(true),
			Nosmurfs: pulumi.Bool(true),
			// Listed as "tech preview" in the property reference (default false).
			Nftables:         pulumi.Bool(true),
			LogLevelIn:       alertLevel,
			LogLevelOut:      alertLevel,
			LogLevelForward:  alertLevel,
			SmurfLogLevel:    alertLevel,
			TcpFlagsLogLevel: alertLevel,
		}
		// err is nil on success, so returning it covers both outcomes.
		_, err := node.NewFirewall(ctx, "pve2", pve2Args)
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using ProxmoxVE = Pulumi.ProxmoxVE;
return await Deployment.RunAsync(() =>
{
    // Log level shared by every logging attribute set on pve2 below.
    // Each of these attributes defaults to "nolog" when omitted.
    const string alertLevel = "alert";

    // pve1: host firewall rules are switched off. Enabled defaults to true
    // when omitted, so this is an explicit opt-out for that node.
    var pve1Firewall = new ProxmoxVE.Node.Firewall("node-pve1", new()
    {
        Enabled = false,
        NodeName = "pve1",
    });

    // pve2: host firewall rules on, logging enabled for all three traffic
    // directions and for the SMURFS and illegal-TCP-flags filters.
    var pve2Firewall = new ProxmoxVE.Node.Firewall("pve2", new()
    {
        NodeName = "pve2",
        Enabled = true,
        Ndp = true,
        Nosmurfs = true,
        // Listed as "tech preview" in the property reference (default false).
        Nftables = true,
        LogLevelIn = alertLevel,
        LogLevelOut = alertLevel,
        LogLevelForward = alertLevel,
        SmurfLogLevel = alertLevel,
        TcpFlagsLogLevel = alertLevel,
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import io.muehlbachler.pulumi.proxmoxve.Node.Firewall;
import io.muehlbachler.pulumi.proxmoxve.Node.FirewallArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares node firewall options for two cluster nodes.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the firewall options for nodes pve1 and pve2.
     *
     * @param ctx deployment context supplied by Pulumi (not read here)
     */
    public static void stack(Context ctx) {
        // Log level shared by every logging attribute set on pve2 below.
        // Each of these attributes defaults to "nolog" when omitted.
        final String alertLevel = "alert";

        // pve1: host firewall rules are switched off. enabled defaults to
        // true when omitted, so this is an explicit opt-out for that node.
        final var pve1Args = FirewallArgs.builder()
            .enabled(false)
            .nodeName("pve1")
            .build();
        final var pve1Firewall = new Firewall("node-pve1", pve1Args);

        // pve2: host firewall rules on, logging enabled for all three traffic
        // directions and for the SMURFS and illegal-TCP-flags filters.
        final var pve2Args = FirewallArgs.builder()
            .nodeName("pve2")
            .enabled(true)
            .ndp(true)
            .nosmurfs(true)
            // Listed as "tech preview" in the property reference (default false).
            .nftables(true)
            .logLevelIn(alertLevel)
            .logLevelOut(alertLevel)
            .logLevelForward(alertLevel)
            .smurfLogLevel(alertLevel)
            .tcpFlagsLogLevel(alertLevel)
            .build();
        final var pve2Firewall = new Firewall("pve2", pve2Args);
    }
}
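# Nesting restored: each resource sits under `resources`, and its settings sit
# under that resource's `properties` key.
resources:
  # pve1: host firewall rules are switched off. `enabled` defaults to true
  # when omitted, so this is an explicit opt-out for that node.
  node-pve1:
    type: proxmoxve:Node:Firewall
    properties:
      nodeName: pve1
      enabled: false
  # pve2: host firewall rules on, with logging enabled for all three traffic
  # directions and for the SMURFS and illegal-TCP-flags filters. Every log
  # level attribute defaults to `nolog` when omitted.
  # NOTE(review): in Proxmox VE the host firewall only filters traffic when the
  # datacenter-level firewall is enabled as well; confirm the cluster options.
  pve2:
    type: proxmoxve:Node:Firewall
    properties:
      nodeName: pve2
      enabled: true
      logLevelIn: alert
      logLevelOut: alert
      logLevelForward: alert
      ndp: true
      # Listed as "tech preview" in the property reference (default false).
      nftables: true
      nosmurfs: true
      smurfLogLevel: alert
      tcpFlagsLogLevel: alert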
Create Firewall Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Firewall(name: string, args: FirewallArgs, opts?: CustomResourceOptions);
@overload
def Firewall(resource_name: str,
args: FirewallArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Firewall(resource_name: str,
opts: Optional[ResourceOptions] = None,
node_name: Optional[str] = None,
enabled: Optional[bool] = None,
log_level_forward: Optional[str] = None,
log_level_in: Optional[str] = None,
log_level_out: Optional[str] = None,
ndp: Optional[bool] = None,
nf_conntrack_max: Optional[int] = None,
nf_conntrack_tcp_timeout_established: Optional[int] = None,
nftables: Optional[bool] = None,
nosmurfs: Optional[bool] = None,
smurf_log_level: Optional[str] = None,
tcp_flags_log_level: Optional[str] = None)
func NewFirewall(ctx *Context, name string, args FirewallArgs, opts ...ResourceOption) (*Firewall, error)
public Firewall(string name, FirewallArgs args, CustomResourceOptions? opts = null)
public Firewall(String name, FirewallArgs args)
public Firewall(String name, FirewallArgs args, CustomResourceOptions options)
type: proxmoxve:Node:Firewall
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference template: every value below is a type placeholder, not a recommended setting.
// Applied as written it would leave host firewall rules off (Enabled = false), and
// "string" is not one of the log levels the property reference accepts.
var proxmoxveFirewallResource = new ProxmoxVE.Node.Firewall("proxmoxveFirewallResource", new()
{
    NodeName = "string",
    Enabled = false,
    LogLevelForward = "string",
    LogLevelIn = "string",
    LogLevelOut = "string",
    Ndp = false,
    // Placeholder; the property reference gives a minimum of 32768 (default 262144).
    NfConntrackMax = 0,
    // Placeholder; the property reference gives a minimum of 7875 seconds (default 432000).
    NfConntrackTcpTimeoutEstablished = 0,
    Nftables = false,
    Nosmurfs = false,
    SmurfLogLevel = "string",
    TcpFlagsLogLevel = "string",
});
// Reference template: every value below is a type placeholder, not a recommended setting.
// Applied as written it would leave host firewall rules off (Enabled false), and
// "string" is not one of the log levels the property reference accepts.
example, err := node.NewFirewall(ctx, "proxmoxveFirewallResource", &node.FirewallArgs{
	NodeName: pulumi.String("string"),
	Enabled: pulumi.Bool(false),
	LogLevelForward: pulumi.String("string"),
	LogLevelIn: pulumi.String("string"),
	LogLevelOut: pulumi.String("string"),
	Ndp: pulumi.Bool(false),
	// Placeholder; the property reference gives a minimum of 32768 (default 262144).
	NfConntrackMax: pulumi.Int(0),
	// Placeholder; the property reference gives a minimum of 7875 seconds (default 432000).
	NfConntrackTcpTimeoutEstablished: pulumi.Int(0),
	Nftables: pulumi.Bool(false),
	Nosmurfs: pulumi.Bool(false),
	SmurfLogLevel: pulumi.String("string"),
	TcpFlagsLogLevel: pulumi.String("string"),
})
// Reference template: every value below is a type placeholder, not a recommended setting.
// Applied as written it would leave host firewall rules off (enabled false), and
// "string" is not one of the log levels the property reference accepts.
var proxmoxveFirewallResource = new io.muehlbachler.pulumi.proxmoxve.Node.Firewall("proxmoxveFirewallResource", io.muehlbachler.pulumi.proxmoxve.Node.FirewallArgs.builder()
    .nodeName("string")
    .enabled(false)
    .logLevelForward("string")
    .logLevelIn("string")
    .logLevelOut("string")
    .ndp(false)
    // Placeholder; the property reference gives a minimum of 32768 (default 262144).
    .nfConntrackMax(0)
    // Placeholder; the property reference gives a minimum of 7875 seconds (default 432000).
    .nfConntrackTcpTimeoutEstablished(0)
    .nftables(false)
    .nosmurfs(false)
    .smurfLogLevel("string")
    .tcpFlagsLogLevel("string")
    .build());
# Reference template: every value below is a type placeholder, not a recommended setting.
# Applied as written it would leave host firewall rules off (enabled=False), and
# "string" is not one of the log levels the property reference accepts.
proxmoxve_firewall_resource = proxmoxve.node.Firewall("proxmoxveFirewallResource",
    node_name="string",
    enabled=False,
    log_level_forward="string",
    log_level_in="string",
    log_level_out="string",
    ndp=False,
    # Placeholder; the property reference gives a minimum of 32768 (default 262144).
    nf_conntrack_max=0,
    # Placeholder; the property reference gives a minimum of 7875 seconds (default 432000).
    nf_conntrack_tcp_timeout_established=0,
    nftables=False,
    nosmurfs=False,
    smurf_log_level="string",
    tcp_flags_log_level="string")
// Reference template: every value below is a type placeholder, not a recommended setting.
// Applied as written it would leave host firewall rules off (enabled: false), and
// "string" is not one of the log levels the property reference accepts.
const proxmoxveFirewallResource = new proxmoxve.node.Firewall("proxmoxveFirewallResource", {
    nodeName: "string",
    enabled: false,
    logLevelForward: "string",
    logLevelIn: "string",
    logLevelOut: "string",
    ndp: false,
    // Placeholder; the property reference gives a minimum of 32768 (default 262144).
    nfConntrackMax: 0,
    // Placeholder; the property reference gives a minimum of 7875 seconds (default 432000).
    nfConntrackTcpTimeoutEstablished: 0,
    nftables: false,
    nosmurfs: false,
    smurfLogLevel: "string",
    tcpFlagsLogLevel: "string",
});
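# Reference template: every value below is a type placeholder, not a recommended setting.
# Applied as written it would leave host firewall rules off (enabled: false), and
# `string` is not one of the log levels the property reference accepts.
# Nesting restored: the settings belong under `properties`.
type: proxmoxve:Node:Firewall
properties:
  enabled: false
  logLevelForward: string
  logLevelIn: string
  logLevelOut: string
  ndp: false
  # Placeholder; the property reference gives a minimum of 32768 (default 262144).
  nfConntrackMax: 0
  # Placeholder; the property reference gives a minimum of 7875 seconds (default 432000).
  nfConntrackTcpTimeoutEstablished: 0
  nftables: false
  nodeName: string
  nosmurfs: false
  smurfLogLevel: string
  tcpFlagsLogLevel: string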
Firewall Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Firewall resource accepts the following input properties:
- NodeName string - The cluster node name.
- Enabled bool - Enable host firewall rules (defaults to true).
- LogLevelForward string - Log level for forwarded traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- LogLevelIn string - Log level for incoming traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- LogLevelOut string - Log level for outgoing traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- Ndp bool - Enable NDP - Neighbor Discovery Protocol (defaults to true).
- NfConntrackMax int - Maximum number of tracked connections (defaults to 262144). Minimum value is 32768.
- NfConntrackTcpTimeoutEstablished int - Conntrack established timeout in seconds (defaults to 432000 - 5 days). Minimum value is 7875.
- Nftables bool - Enable nftables based firewall (tech preview, defaults to false).
- Nosmurfs bool - Enable SMURFS filter (defaults to true).
- SmurfLogLevel string - Log level for SMURFS filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- TcpFlagsLogLevel string - Log level for illegal tcp flags filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- NodeName string - The cluster node name.
- Enabled bool - Enable host firewall rules (defaults to true).
- LogLevelForward string - Log level for forwarded traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- LogLevelIn string - Log level for incoming traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- LogLevelOut string - Log level for outgoing traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- Ndp bool - Enable NDP - Neighbor Discovery Protocol (defaults to true).
- NfConntrackMax int - Maximum number of tracked connections (defaults to 262144). Minimum value is 32768.
- NfConntrackTcpTimeoutEstablished int - Conntrack established timeout in seconds (defaults to 432000 - 5 days). Minimum value is 7875.
- Nftables bool - Enable nftables based firewall (tech preview, defaults to false).
- Nosmurfs bool - Enable SMURFS filter (defaults to true).
- SmurfLogLevel string - Log level for SMURFS filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- TcpFlagsLogLevel string - Log level for illegal tcp flags filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- nodeName String - The cluster node name.
- enabled Boolean - Enable host firewall rules (defaults to true).
- logLevelForward String - Log level for forwarded traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- logLevelIn String - Log level for incoming traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- logLevelOut String - Log level for outgoing traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- ndp Boolean - Enable NDP - Neighbor Discovery Protocol (defaults to true).
- nfConntrackMax Integer - Maximum number of tracked connections (defaults to 262144). Minimum value is 32768.
- nfConntrackTcpTimeoutEstablished Integer - Conntrack established timeout in seconds (defaults to 432000 - 5 days). Minimum value is 7875.
- nftables Boolean - Enable nftables based firewall (tech preview, defaults to false).
- nosmurfs Boolean - Enable SMURFS filter (defaults to true).
- smurfLogLevel String - Log level for SMURFS filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- tcpFlagsLogLevel String - Log level for illegal tcp flags filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- nodeName string - The cluster node name.
- enabled boolean - Enable host firewall rules (defaults to true).
- logLevelForward string - Log level for forwarded traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- logLevelIn string - Log level for incoming traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- logLevelOut string - Log level for outgoing traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- ndp boolean - Enable NDP - Neighbor Discovery Protocol (defaults to true).
- nfConntrackMax number - Maximum number of tracked connections (defaults to 262144). Minimum value is 32768.
- nfConntrackTcpTimeoutEstablished number - Conntrack established timeout in seconds (defaults to 432000 - 5 days). Minimum value is 7875.
- nftables boolean - Enable nftables based firewall (tech preview, defaults to false).
- nosmurfs boolean - Enable SMURFS filter (defaults to true).
- smurfLogLevel string - Log level for SMURFS filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- tcpFlagsLogLevel string - Log level for illegal tcp flags filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- node_name str - The cluster node name.
- enabled bool - Enable host firewall rules (defaults to true).
- log_level_forward str - Log level for forwarded traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- log_level_in str - Log level for incoming traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- log_level_out str - Log level for outgoing traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- ndp bool - Enable NDP - Neighbor Discovery Protocol (defaults to true).
- nf_conntrack_max int - Maximum number of tracked connections (defaults to 262144). Minimum value is 32768.
- nf_conntrack_tcp_timeout_established int - Conntrack established timeout in seconds (defaults to 432000 - 5 days). Minimum value is 7875.
- nftables bool - Enable nftables based firewall (tech preview, defaults to false).
- nosmurfs bool - Enable SMURFS filter (defaults to true).
- smurf_log_level str - Log level for SMURFS filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- tcp_flags_log_level str - Log level for illegal tcp flags filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- nodeName String - The cluster node name.
- enabled Boolean - Enable host firewall rules (defaults to true).
- logLevelForward String - Log level for forwarded traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- logLevelIn String - Log level for incoming traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- logLevelOut String - Log level for outgoing traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- ndp Boolean - Enable NDP - Neighbor Discovery Protocol (defaults to true).
- nfConntrackMax Number - Maximum number of tracked connections (defaults to 262144). Minimum value is 32768.
- nfConntrackTcpTimeoutEstablished Number - Conntrack established timeout in seconds (defaults to 432000 - 5 days). Minimum value is 7875.
- nftables Boolean - Enable nftables based firewall (tech preview, defaults to false).
- nosmurfs Boolean - Enable SMURFS filter (defaults to true).
- smurfLogLevel String - Log level for SMURFS filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- tcpFlagsLogLevel String - Log level for illegal tcp flags filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
Outputs
All input properties are implicitly available as output properties. Additionally, the Firewall resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Firewall Resource
Get an existing Firewall resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: FirewallState, opts?: CustomResourceOptions): Firewall
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
enabled: Optional[bool] = None,
log_level_forward: Optional[str] = None,
log_level_in: Optional[str] = None,
log_level_out: Optional[str] = None,
ndp: Optional[bool] = None,
nf_conntrack_max: Optional[int] = None,
nf_conntrack_tcp_timeout_established: Optional[int] = None,
nftables: Optional[bool] = None,
node_name: Optional[str] = None,
nosmurfs: Optional[bool] = None,
smurf_log_level: Optional[str] = None,
tcp_flags_log_level: Optional[str] = None) -> Firewall
func GetFirewall(ctx *Context, name string, id IDInput, state *FirewallState, opts ...ResourceOption) (*Firewall, error)
public static Firewall Get(string name, Input<string> id, FirewallState? state, CustomResourceOptions? opts = null)
public static Firewall get(String name, Output<String> id, FirewallState state, CustomResourceOptions options)
resources:
  _:
    type: proxmoxve:Node:Firewall
    get:
      id: ${id}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Enabled bool - Enable host firewall rules (defaults to true).
- LogLevelForward string - Log level for forwarded traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- LogLevelIn string - Log level for incoming traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- LogLevelOut string - Log level for outgoing traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- Ndp bool - Enable NDP - Neighbor Discovery Protocol (defaults to true).
- NfConntrackMax int - Maximum number of tracked connections (defaults to 262144). Minimum value is 32768.
- NfConntrackTcpTimeoutEstablished int - Conntrack established timeout in seconds (defaults to 432000 - 5 days). Minimum value is 7875.
- Nftables bool - Enable nftables based firewall (tech preview, defaults to false).
- NodeName string - The cluster node name.
- Nosmurfs bool - Enable SMURFS filter (defaults to true).
- SmurfLogLevel string - Log level for SMURFS filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- TcpFlagsLogLevel string - Log level for illegal tcp flags filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- Enabled bool - Enable host firewall rules (defaults to true).
- LogLevelForward string - Log level for forwarded traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- LogLevelIn string - Log level for incoming traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- LogLevelOut string - Log level for outgoing traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- Ndp bool - Enable NDP - Neighbor Discovery Protocol (defaults to true).
- NfConntrackMax int - Maximum number of tracked connections (defaults to 262144). Minimum value is 32768.
- NfConntrackTcpTimeoutEstablished int - Conntrack established timeout in seconds (defaults to 432000 - 5 days). Minimum value is 7875.
- Nftables bool - Enable nftables based firewall (tech preview, defaults to false).
- NodeName string - The cluster node name.
- Nosmurfs bool - Enable SMURFS filter (defaults to true).
- SmurfLogLevel string - Log level for SMURFS filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- TcpFlagsLogLevel string - Log level for illegal tcp flags filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- enabled Boolean - Enable host firewall rules (defaults to true).
- logLevelForward String - Log level for forwarded traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- logLevelIn String - Log level for incoming traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- logLevelOut String - Log level for outgoing traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- ndp Boolean - Enable NDP - Neighbor Discovery Protocol (defaults to true).
- nfConntrackMax Integer - Maximum number of tracked connections (defaults to 262144). Minimum value is 32768.
- nfConntrackTcpTimeoutEstablished Integer - Conntrack established timeout in seconds (defaults to 432000 - 5 days). Minimum value is 7875.
- nftables Boolean - Enable nftables based firewall (tech preview, defaults to false).
- nodeName String - The cluster node name.
- nosmurfs Boolean - Enable SMURFS filter (defaults to true).
- smurfLogLevel String - Log level for SMURFS filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- tcpFlagsLogLevel String - Log level for illegal tcp flags filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- enabled boolean - Enable host firewall rules (defaults to true).
- logLevelForward string - Log level for forwarded traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- logLevelIn string - Log level for incoming traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- logLevelOut string - Log level for outgoing traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- ndp boolean - Enable NDP - Neighbor Discovery Protocol (defaults to true).
- nfConntrackMax number - Maximum number of tracked connections (defaults to 262144). Minimum value is 32768.
- nfConntrackTcpTimeoutEstablished number - Conntrack established timeout in seconds (defaults to 432000 - 5 days). Minimum value is 7875.
- nftables boolean - Enable nftables based firewall (tech preview, defaults to false).
- nodeName string - The cluster node name.
- nosmurfs boolean - Enable SMURFS filter (defaults to true).
- smurfLogLevel string - Log level for SMURFS filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- tcpFlagsLogLevel string - Log level for illegal tcp flags filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- enabled bool - Enable host firewall rules (defaults to true).
- log_level_forward str - Log level for forwarded traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- log_level_in str - Log level for incoming traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- log_level_out str - Log level for outgoing traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- ndp bool - Enable NDP - Neighbor Discovery Protocol (defaults to true).
- nf_conntrack_max int - Maximum number of tracked connections (defaults to 262144). Minimum value is 32768.
- nf_conntrack_tcp_timeout_established int - Conntrack established timeout in seconds (defaults to 432000 - 5 days). Minimum value is 7875.
- nftables bool - Enable nftables based firewall (tech preview, defaults to false).
- node_name str - The cluster node name.
- nosmurfs bool - Enable SMURFS filter (defaults to true).
- smurf_log_level str - Log level for SMURFS filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- tcp_flags_log_level str - Log level for illegal tcp flags filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- enabled Boolean - Enable host firewall rules (defaults to true).
- logLevelForward String - Log level for forwarded traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- logLevelIn String - Log level for incoming traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- logLevelOut String - Log level for outgoing traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- ndp Boolean - Enable NDP - Neighbor Discovery Protocol (defaults to true).
- nfConntrackMax Number - Maximum number of tracked connections (defaults to 262144). Minimum value is 32768.
- nfConntrackTcpTimeoutEstablished Number - Conntrack established timeout in seconds (defaults to 432000 - 5 days). Minimum value is 7875.
- nftables Boolean - Enable nftables based firewall (tech preview, defaults to false).
- nodeName String - The cluster node name.
- nosmurfs Boolean - Enable SMURFS filter (defaults to true).
- smurfLogLevel String - Log level for SMURFS filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
- tcpFlagsLogLevel String - Log level for illegal tcp flags filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
Import
$ pulumi import proxmoxve:Node/firewall:Firewall node-pve1 pve1
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- proxmoxve muhlba91/pulumi-proxmoxve
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the proxmox Terraform Provider.
