proxmoxve.node.FirewallLegacy

Proxmox Virtual Environment (Proxmox VE) v8.0.0, Apr 5 26

Viewing docs for Proxmox Virtual Environment (Proxmox VE) v8.0.0
published on Sunday, Apr 5, 2026 by Daniel Muehlbachler-Pietrzykowski

Schema (JSON)

muhlba91/pulumi-proxmoxve

Viewing docs for Proxmox Virtual Environment (Proxmox VE) v8.0.0
published on Sunday, Apr 5, 2026 by Daniel Muehlbachler-Pietrzykowski

Schema (JSON)

muhlba91/pulumi-proxmoxve

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as proxmoxve from "@muhlba91/pulumi-proxmoxve";

const node_pve1 = new proxmoxve.node.FirewallLegacy("node-pve1", {
    nodeName: "pve1",
    enabled: false,
});
const pve2 = new proxmoxve.node.FirewallLegacy("pve2", {
    nodeName: "pve2",
    enabled: true,
    logLevelIn: "alert",
    logLevelOut: "alert",
    logLevelForward: "alert",
    ndp: true,
    nftables: true,
    nosmurfs: true,
    smurfLogLevel: "alert",
    tcpFlagsLogLevel: "alert",
});

import pulumi
import pulumi_proxmoxve as proxmoxve

node_pve1 = proxmoxve.node.FirewallLegacy("node-pve1",
    node_name="pve1",
    enabled=False)
pve2 = proxmoxve.node.FirewallLegacy("pve2",
    node_name="pve2",
    enabled=True,
    log_level_in="alert",
    log_level_out="alert",
    log_level_forward="alert",
    ndp=True,
    nftables=True,
    nosmurfs=True,
    smurf_log_level="alert",
    tcp_flags_log_level="alert")

package main

import (
	"github.com/muhlba91/pulumi-proxmoxve/sdk/v8/go/proxmoxve/node"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := node.NewFirewallLegacy(ctx, "node-pve1", &node.FirewallLegacyArgs{
			NodeName: pulumi.String("pve1"),
			Enabled:  pulumi.Bool(false),
		})
		if err != nil {
			return err
		}
		_, err = node.NewFirewallLegacy(ctx, "pve2", &node.FirewallLegacyArgs{
			NodeName:         pulumi.String("pve2"),
			Enabled:          pulumi.Bool(true),
			LogLevelIn:       pulumi.String("alert"),
			LogLevelOut:      pulumi.String("alert"),
			LogLevelForward:  pulumi.String("alert"),
			Ndp:              pulumi.Bool(true),
			Nftables:         pulumi.Bool(true),
			Nosmurfs:         pulumi.Bool(true),
			SmurfLogLevel:    pulumi.String("alert"),
			TcpFlagsLogLevel: pulumi.String("alert"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using ProxmoxVE = Pulumi.ProxmoxVE;

return await Deployment.RunAsync(() => 
{
    var node_pve1 = new ProxmoxVE.Node.FirewallLegacy("node-pve1", new()
    {
        NodeName = "pve1",
        Enabled = false,
    });

    var pve2 = new ProxmoxVE.Node.FirewallLegacy("pve2", new()
    {
        NodeName = "pve2",
        Enabled = true,
        LogLevelIn = "alert",
        LogLevelOut = "alert",
        LogLevelForward = "alert",
        Ndp = true,
        Nftables = true,
        Nosmurfs = true,
        SmurfLogLevel = "alert",
        TcpFlagsLogLevel = "alert",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import io.muehlbachler.pulumi.proxmoxve.node.FirewallLegacy;
import io.muehlbachler.pulumi.proxmoxve.node.FirewallLegacyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var node_pve1 = new FirewallLegacy("node-pve1", FirewallLegacyArgs.builder()
            .nodeName("pve1")
            .enabled(false)
            .build());

        var pve2 = new FirewallLegacy("pve2", FirewallLegacyArgs.builder()
            .nodeName("pve2")
            .enabled(true)
            .logLevelIn("alert")
            .logLevelOut("alert")
            .logLevelForward("alert")
            .ndp(true)
            .nftables(true)
            .nosmurfs(true)
            .smurfLogLevel("alert")
            .tcpFlagsLogLevel("alert")
            .build());

    }
}

resources:
  node-pve1:
    type: proxmoxve:node:FirewallLegacy
    properties:
      nodeName: pve1
      enabled: false
  pve2:
    type: proxmoxve:node:FirewallLegacy
    properties:
      nodeName: pve2
      enabled: true
      logLevelIn: alert
      logLevelOut: alert
      logLevelForward: alert
      ndp: true
      nftables: true
      nosmurfs: true
      smurfLogLevel: alert
      tcpFlagsLogLevel: alert

Create FirewallLegacy Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new FirewallLegacy(name: string, args: FirewallLegacyArgs, opts?: CustomResourceOptions);

@overload
def FirewallLegacy(resource_name: str,
                   args: FirewallLegacyArgs,
                   opts: Optional[ResourceOptions] = None)

@overload
def FirewallLegacy(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   node_name: Optional[str] = None,
                   enabled: Optional[bool] = None,
                   log_level_forward: Optional[str] = None,
                   log_level_in: Optional[str] = None,
                   log_level_out: Optional[str] = None,
                   ndp: Optional[bool] = None,
                   nf_conntrack_max: Optional[int] = None,
                   nf_conntrack_tcp_timeout_established: Optional[int] = None,
                   nftables: Optional[bool] = None,
                   nosmurfs: Optional[bool] = None,
                   smurf_log_level: Optional[str] = None,
                   tcp_flags_log_level: Optional[str] = None)

func NewFirewallLegacy(ctx *Context, name string, args FirewallLegacyArgs, opts ...ResourceOption) (*FirewallLegacy, error)

public FirewallLegacy(string name, FirewallLegacyArgs args, CustomResourceOptions? opts = null)

public FirewallLegacy(String name, FirewallLegacyArgs args)
public FirewallLegacy(String name, FirewallLegacyArgs args, CustomResourceOptions options)

type: proxmoxve:node:FirewallLegacy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args FirewallLegacyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args FirewallLegacyArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args FirewallLegacyArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args FirewallLegacyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args FirewallLegacyArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var proxmoxveFirewallLegacyResource = new ProxmoxVE.Node.FirewallLegacy("proxmoxveFirewallLegacyResource", new()
{
    NodeName = "string",
    Enabled = false,
    LogLevelForward = "string",
    LogLevelIn = "string",
    LogLevelOut = "string",
    Ndp = false,
    NfConntrackMax = 0,
    NfConntrackTcpTimeoutEstablished = 0,
    Nftables = false,
    Nosmurfs = false,
    SmurfLogLevel = "string",
    TcpFlagsLogLevel = "string",
});

example, err := node.NewFirewallLegacy(ctx, "proxmoxveFirewallLegacyResource", &node.FirewallLegacyArgs{
	NodeName:                         pulumi.String("string"),
	Enabled:                          pulumi.Bool(false),
	LogLevelForward:                  pulumi.String("string"),
	LogLevelIn:                       pulumi.String("string"),
	LogLevelOut:                      pulumi.String("string"),
	Ndp:                              pulumi.Bool(false),
	NfConntrackMax:                   pulumi.Int(0),
	NfConntrackTcpTimeoutEstablished: pulumi.Int(0),
	Nftables:                         pulumi.Bool(false),
	Nosmurfs:                         pulumi.Bool(false),
	SmurfLogLevel:                    pulumi.String("string"),
	TcpFlagsLogLevel:                 pulumi.String("string"),
})

var proxmoxveFirewallLegacyResource = new io.muehlbachler.pulumi.proxmoxve.node.FirewallLegacy("proxmoxveFirewallLegacyResource", io.muehlbachler.pulumi.proxmoxve.node.FirewallLegacyArgs.builder()
    .nodeName("string")
    .enabled(false)
    .logLevelForward("string")
    .logLevelIn("string")
    .logLevelOut("string")
    .ndp(false)
    .nfConntrackMax(0)
    .nfConntrackTcpTimeoutEstablished(0)
    .nftables(false)
    .nosmurfs(false)
    .smurfLogLevel("string")
    .tcpFlagsLogLevel("string")
    .build());

proxmoxve_firewall_legacy_resource = proxmoxve.node.FirewallLegacy("proxmoxveFirewallLegacyResource",
    node_name="string",
    enabled=False,
    log_level_forward="string",
    log_level_in="string",
    log_level_out="string",
    ndp=False,
    nf_conntrack_max=0,
    nf_conntrack_tcp_timeout_established=0,
    nftables=False,
    nosmurfs=False,
    smurf_log_level="string",
    tcp_flags_log_level="string")

const proxmoxveFirewallLegacyResource = new proxmoxve.node.FirewallLegacy("proxmoxveFirewallLegacyResource", {
    nodeName: "string",
    enabled: false,
    logLevelForward: "string",
    logLevelIn: "string",
    logLevelOut: "string",
    ndp: false,
    nfConntrackMax: 0,
    nfConntrackTcpTimeoutEstablished: 0,
    nftables: false,
    nosmurfs: false,
    smurfLogLevel: "string",
    tcpFlagsLogLevel: "string",
});

type: proxmoxve:node:FirewallLegacy
properties:
    enabled: false
    logLevelForward: string
    logLevelIn: string
    logLevelOut: string
    ndp: false
    nfConntrackMax: 0
    nfConntrackTcpTimeoutEstablished: 0
    nftables: false
    nodeName: string
    nosmurfs: false
    smurfLogLevel: string
    tcpFlagsLogLevel: string

FirewallLegacy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The FirewallLegacy resource accepts the following input properties:

NodeName string: The cluster node name.
Enabled bool: Enable host firewall rules (defaults to true).
LogLevelForward string: Log level for forwarded traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
LogLevelIn string: Log level for incoming traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
LogLevelOut string: Log level for outgoing traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
Ndp bool: Enable NDP - Neighbor Discovery Protocol (defaults to true).
NfConntrackMax int: Maximum number of tracked connections (defaults to 262144). Minimum value is 32768.
NfConntrackTcpTimeoutEstablished int: Conntrack established timeout in seconds (defaults to 432000 - 5 days). Minimum value is 7875.
Nftables bool: Enable nftables based firewall (tech preview, defaults to false).
Nosmurfs bool: Enable SMURFS filter (defaults to true).
SmurfLogLevel string: Log level for SMURFS filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
TcpFlagsLogLevel string: Log level for illegal tcp flags filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).

NodeName string: The cluster node name.
Enabled bool: Enable host firewall rules (defaults to true).
LogLevelForward string: Log level for forwarded traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
LogLevelIn string: Log level for incoming traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
LogLevelOut string: Log level for outgoing traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
Ndp bool: Enable NDP - Neighbor Discovery Protocol (defaults to true).
NfConntrackMax int: Maximum number of tracked connections (defaults to 262144). Minimum value is 32768.
NfConntrackTcpTimeoutEstablished int: Conntrack established timeout in seconds (defaults to 432000 - 5 days). Minimum value is 7875.
Nftables bool: Enable nftables based firewall (tech preview, defaults to false).
Nosmurfs bool: Enable SMURFS filter (defaults to true).
SmurfLogLevel string: Log level for SMURFS filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
TcpFlagsLogLevel string: Log level for illegal tcp flags filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).

nodeName String: The cluster node name.
enabled Boolean: Enable host firewall rules (defaults to true).
logLevelForward String: Log level for forwarded traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
logLevelIn String: Log level for incoming traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
logLevelOut String: Log level for outgoing traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
ndp Boolean: Enable NDP - Neighbor Discovery Protocol (defaults to true).
nfConntrackMax Integer: Maximum number of tracked connections (defaults to 262144). Minimum value is 32768.
nfConntrackTcpTimeoutEstablished Integer: Conntrack established timeout in seconds (defaults to 432000 - 5 days). Minimum value is 7875.
nftables Boolean: Enable nftables based firewall (tech preview, defaults to false).
nosmurfs Boolean: Enable SMURFS filter (defaults to true).
smurfLogLevel String: Log level for SMURFS filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
tcpFlagsLogLevel String: Log level for illegal tcp flags filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).

nodeName string: The cluster node name.
enabled boolean: Enable host firewall rules (defaults to true).
logLevelForward string: Log level for forwarded traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
logLevelIn string: Log level for incoming traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
logLevelOut string: Log level for outgoing traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
ndp boolean: Enable NDP - Neighbor Discovery Protocol (defaults to true).
nfConntrackMax number: Maximum number of tracked connections (defaults to 262144). Minimum value is 32768.
nfConntrackTcpTimeoutEstablished number: Conntrack established timeout in seconds (defaults to 432000 - 5 days). Minimum value is 7875.
nftables boolean: Enable nftables based firewall (tech preview, defaults to false).
nosmurfs boolean: Enable SMURFS filter (defaults to true).
smurfLogLevel string: Log level for SMURFS filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
tcpFlagsLogLevel string: Log level for illegal tcp flags filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).

node_name str: The cluster node name.
enabled bool: Enable host firewall rules (defaults to true).
log_level_forward str: Log level for forwarded traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
log_level_in str: Log level for incoming traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
log_level_out str: Log level for outgoing traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
ndp bool: Enable NDP - Neighbor Discovery Protocol (defaults to true).
nf_conntrack_max int: Maximum number of tracked connections (defaults to 262144). Minimum value is 32768.
nf_conntrack_tcp_timeout_established int: Conntrack established timeout in seconds (defaults to 432000 - 5 days). Minimum value is 7875.
nftables bool: Enable nftables based firewall (tech preview, defaults to false).
nosmurfs bool: Enable SMURFS filter (defaults to true).
smurf_log_level str: Log level for SMURFS filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
tcp_flags_log_level str: Log level for illegal tcp flags filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).

nodeName String: The cluster node name.
enabled Boolean: Enable host firewall rules (defaults to true).
logLevelForward String: Log level for forwarded traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
logLevelIn String: Log level for incoming traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
logLevelOut String: Log level for outgoing traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
ndp Boolean: Enable NDP - Neighbor Discovery Protocol (defaults to true).
nfConntrackMax Number: Maximum number of tracked connections (defaults to 262144). Minimum value is 32768.
nfConntrackTcpTimeoutEstablished Number: Conntrack established timeout in seconds (defaults to 432000 - 5 days). Minimum value is 7875.
nftables Boolean: Enable nftables based firewall (tech preview, defaults to false).
nosmurfs Boolean: Enable SMURFS filter (defaults to true).
smurfLogLevel String: Log level for SMURFS filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
tcpFlagsLogLevel String: Log level for illegal tcp flags filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).

Outputs

All input properties are implicitly available as output properties. Additionally, the FirewallLegacy resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing FirewallLegacy Resource

Get an existing FirewallLegacy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: FirewallLegacyState, opts?: CustomResourceOptions): FirewallLegacy

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        enabled: Optional[bool] = None,
        log_level_forward: Optional[str] = None,
        log_level_in: Optional[str] = None,
        log_level_out: Optional[str] = None,
        ndp: Optional[bool] = None,
        nf_conntrack_max: Optional[int] = None,
        nf_conntrack_tcp_timeout_established: Optional[int] = None,
        nftables: Optional[bool] = None,
        node_name: Optional[str] = None,
        nosmurfs: Optional[bool] = None,
        smurf_log_level: Optional[str] = None,
        tcp_flags_log_level: Optional[str] = None) -> FirewallLegacy

func GetFirewallLegacy(ctx *Context, name string, id IDInput, state *FirewallLegacyState, opts ...ResourceOption) (*FirewallLegacy, error)

public static FirewallLegacy Get(string name, Input<string> id, FirewallLegacyState? state, CustomResourceOptions? opts = null)

public static FirewallLegacy get(String name, Output<String> id, FirewallLegacyState state, CustomResourceOptions options)

resources:  _:    type: proxmoxve:node:FirewallLegacy    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Enabled bool: Enable host firewall rules (defaults to true).
LogLevelForward string: Log level for forwarded traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
LogLevelIn string: Log level for incoming traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
LogLevelOut string: Log level for outgoing traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
Ndp bool: Enable NDP - Neighbor Discovery Protocol (defaults to true).
NfConntrackMax int: Maximum number of tracked connections (defaults to 262144). Minimum value is 32768.
NfConntrackTcpTimeoutEstablished int: Conntrack established timeout in seconds (defaults to 432000 - 5 days). Minimum value is 7875.
Nftables bool: Enable nftables based firewall (tech preview, defaults to false).
NodeName string: The cluster node name.
Nosmurfs bool: Enable SMURFS filter (defaults to true).
SmurfLogLevel string: Log level for SMURFS filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
TcpFlagsLogLevel string: Log level for illegal tcp flags filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).

Enabled bool: Enable host firewall rules (defaults to true).
LogLevelForward string: Log level for forwarded traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
LogLevelIn string: Log level for incoming traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
LogLevelOut string: Log level for outgoing traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
Ndp bool: Enable NDP - Neighbor Discovery Protocol (defaults to true).
NfConntrackMax int: Maximum number of tracked connections (defaults to 262144). Minimum value is 32768.
NfConntrackTcpTimeoutEstablished int: Conntrack established timeout in seconds (defaults to 432000 - 5 days). Minimum value is 7875.
Nftables bool: Enable nftables based firewall (tech preview, defaults to false).
NodeName string: The cluster node name.
Nosmurfs bool: Enable SMURFS filter (defaults to true).
SmurfLogLevel string: Log level for SMURFS filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
TcpFlagsLogLevel string: Log level for illegal tcp flags filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).

enabled Boolean: Enable host firewall rules (defaults to true).
logLevelForward String: Log level for forwarded traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
logLevelIn String: Log level for incoming traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
logLevelOut String: Log level for outgoing traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
ndp Boolean: Enable NDP - Neighbor Discovery Protocol (defaults to true).
nfConntrackMax Integer: Maximum number of tracked connections (defaults to 262144). Minimum value is 32768.
nfConntrackTcpTimeoutEstablished Integer: Conntrack established timeout in seconds (defaults to 432000 - 5 days). Minimum value is 7875.
nftables Boolean: Enable nftables based firewall (tech preview, defaults to false).
nodeName String: The cluster node name.
nosmurfs Boolean: Enable SMURFS filter (defaults to true).
smurfLogLevel String: Log level for SMURFS filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
tcpFlagsLogLevel String: Log level for illegal tcp flags filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).

enabled boolean: Enable host firewall rules (defaults to true).
logLevelForward string: Log level for forwarded traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
logLevelIn string: Log level for incoming traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
logLevelOut string: Log level for outgoing traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
ndp boolean: Enable NDP - Neighbor Discovery Protocol (defaults to true).
nfConntrackMax number: Maximum number of tracked connections (defaults to 262144). Minimum value is 32768.
nfConntrackTcpTimeoutEstablished number: Conntrack established timeout in seconds (defaults to 432000 - 5 days). Minimum value is 7875.
nftables boolean: Enable nftables based firewall (tech preview, defaults to false).
nodeName string: The cluster node name.
nosmurfs boolean: Enable SMURFS filter (defaults to true).
smurfLogLevel string: Log level for SMURFS filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
tcpFlagsLogLevel string: Log level for illegal tcp flags filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).

enabled bool: Enable host firewall rules (defaults to true).
log_level_forward str: Log level for forwarded traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
log_level_in str: Log level for incoming traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
log_level_out str: Log level for outgoing traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
ndp bool: Enable NDP - Neighbor Discovery Protocol (defaults to true).
nf_conntrack_max int: Maximum number of tracked connections (defaults to 262144). Minimum value is 32768.
nf_conntrack_tcp_timeout_established int: Conntrack established timeout in seconds (defaults to 432000 - 5 days). Minimum value is 7875.
nftables bool: Enable nftables based firewall (tech preview, defaults to false).
node_name str: The cluster node name.
nosmurfs bool: Enable SMURFS filter (defaults to true).
smurf_log_level str: Log level for SMURFS filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
tcp_flags_log_level str: Log level for illegal tcp flags filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).

enabled Boolean: Enable host firewall rules (defaults to true).
logLevelForward String: Log level for forwarded traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
logLevelIn String: Log level for incoming traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
logLevelOut String: Log level for outgoing traffic. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
ndp Boolean: Enable NDP - Neighbor Discovery Protocol (defaults to true).
nfConntrackMax Number: Maximum number of tracked connections (defaults to 262144). Minimum value is 32768.
nfConntrackTcpTimeoutEstablished Number: Conntrack established timeout in seconds (defaults to 432000 - 5 days). Minimum value is 7875.
nftables Boolean: Enable nftables based firewall (tech preview, defaults to false).
nodeName String: The cluster node name.
nosmurfs Boolean: Enable SMURFS filter (defaults to true).
smurfLogLevel String: Log level for SMURFS filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).
tcpFlagsLogLevel String: Log level for illegal tcp flags filter. Must be one of: emerg, alert, crit, err, warning, notice, info, debug, nolog (defaults to nolog).

Import

$ pulumi import proxmoxve:node/firewallLegacy:FirewallLegacy node-pve1 pve1

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: proxmoxve muhlba91/pulumi-proxmoxve
License: Apache-2.0
Notes: This Pulumi package is based on the proxmox Terraform Provider.

Viewing docs for Proxmox Virtual Environment (Proxmox VE) v8.0.0
published on Sunday, Apr 5, 2026 by Daniel Muehlbachler-Pietrzykowski

Schema (JSON)

muhlba91/pulumi-proxmoxve

proxmoxve.node.FirewallLegacy

On this page

On this page

Example Usage

Create FirewallLegacy Resource

Constructor syntax

Parameters

Constructor example

FirewallLegacy Resource Properties

Inputs

Outputs

Look up Existing FirewallLegacy Resource

Import

Package Details

On this page

On this page