
Proxmox Security Guide: Blocking Critical Ports with Firewall and IP‑Based Access Rules 2025

  • Thread starter: CL4Y

CL4Y

🔐 Proxmox Security Guide: Blocking Critical Ports with Firewall and IP‑Based Access Rules 2025

Proxmox VE is a powerful open-source virtualization solution. However, several of its service ports are open by default, and on a host with a public address they are reachable from the internet, which increases the attack surface. For both server security and resource protection, it is important to close unnecessary ports and allow access only from specific IP addresses.

In this guide, we will detail how to restrict ports using the Proxmox firewall system and how to create IP-based rules.



📋 Important Ports Used by Proxmox

Below is a list of key ports used by Proxmox VE’s core services:

| Port | Protocol | Description |
|---|---|---|
| 8006 | TCP | Web interface (HTTPS) |
| 5900–5999 | TCP | VNC Web console |
| 3128 | TCP | SPICE Proxy |
| 22 | TCP | SSH access |
| 111 | UDP | rpcbind (used by some services) |
| 25 | TCP | Sendmail (outgoing email) |
| 5405–5412 | UDP | Corosync (cluster traffic) |
| 60000–60050 | TCP | VM live migration |


🛡️ Enabling Proxmox’s Firewall Feature

Proxmox includes a built-in firewall feature that allows you to define rules specific to your server.

Step 1: Enable the Firewall Feature

  • Log into the Proxmox Web Interface (https://YOUR_IP:8006)
  • From the left menu, go to Datacenter > Firewall > Options
  • Enable the Enable Firewall option

Doing this enables the firewall at the datacenter level. You also need to enable it at the node level and optionally for individual VMs.


🧱 Closing Specific Ports or Allowing Only a Certain IP

Step 2: Add Rules

Example: Allow only your IP address to access port 8006 (web interface):
  • Go to Datacenter > Firewall > Add (add a new rule)
  • Direction: IN
  • Action: ACCEPT
  • Source: YOUR_IP_ADDRESS
  • Destination: SERVER_IP_ADDRESS
  • Dest. port: 8006
  • Protocol: tcp


Then Block All Other Traffic:

  • Add another rule:
    • Direction: IN
    • Action: DROP
    • Destination: SERVER_IP_ADDRESS
    • Dest. port: 8006
    • Protocol: tcp


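This way, only your IP address can access the web panel port, and all other requests will be denied. The ACCEPT rule has to stay above the DROP rule in the list: rules are evaluated from top to bottom and the first match decides.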



After installing Proxmox VE, security configurations must not be overlooked. With firewall rules, you can:
  • Close unnecessary ports
  • Define access only for trusted IPs
  • Keep cluster-specific ports open only on relevant networks

By doing so, you not only protect against external attacks but also prevent unnecessary traffic, improving performance.

Also note: it is important to close **all** of the ports listed in the earlier section, Important Ports Used by Proxmox.
 
You can create a topic for the issues you are experiencing. 🙂
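
The ACCEPT-then-DROP pair from Step 2, as an added example that is not part of the original post: a small first-match simulator that reads the two rules in `/etc/pve/firewall/cluster.fw` rule syntax and reports what happens to a given connection, so a rule set can be checked for lock-out or over-exposure before it is applied. The addresses are documentation placeholders, and the simulator is a simplified model that handles only plain `IN` rules with `-source`, `-dest`, `-p` and `-dport` (no macros, IP sets, aliases or security groups), with a default input policy of DROP assumed.

```python
import ipaddress

# Constructed sample in /etc/pve/firewall/cluster.fw rule syntax.
# 203.0.113.10 = admin workstation, 198.51.100.5 = Proxmox host (placeholders).
GUIDE_RULES = """
[RULES]
IN ACCEPT -source 203.0.113.10 -dest 198.51.100.5 -p tcp -dport 8006
IN DROP -dest 198.51.100.5 -p tcp -dport 8006
"""

def parse_rules(text):
    """Return [(action, options)] for the enabled IN rules of the [RULES] section."""
    rules, in_rules = [], False
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if line.startswith("["):
            in_rules = line.upper() == "[RULES]"
            continue
        tok = line.split()
        if in_rules and len(tok) >= 2 and tok[0] == "IN":
            rules.append((tok[1], dict(zip(tok[2::2], tok[3::2]))))
    return rules

def port_matches(spec, port):
    """-dport takes single ports, comma lists and low:high ranges."""
    for part in spec.split(","):
        low, _, high = part.partition(":")
        if int(low) <= port <= int(high or low):
            return True
    return False

def in_net(ip, net):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(net, strict=False)

def verdict(text, src, dst, port, proto="tcp", default="DROP"):
    """Action of the first matching rule, else the default policy.
    Simplified model (assumption): no macros, ipsets, aliases or groups."""
    for action, o in parse_rules(text):
        if (o.get("-p", proto) == proto
                and ("-dport" not in o or port_matches(o["-dport"], port))
                and ("-source" not in o or in_net(src, o["-source"]))
                and ("-dest" not in o or in_net(dst, o["-dest"]))):
            return action
    return default

def swapped(text):
    # Same two rules with DROP placed above ACCEPT (the misordered case).
    head, accept, drop = text.strip().splitlines()
    return "\n".join([head, drop, accept])
```

With the rules in the order the guide gives, `verdict(GUIDE_RULES, "203.0.113.10", "198.51.100.5", 8006)` returns `ACCEPT` and any other source gets `DROP`; with `swapped(GUIDE_RULES)` the admin address is dropped as well, which is the lock-out case.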