Docs Home
Proxmox Virtual Environment (Proxmox VE) v7.0.0 published on Tuesday, Apr 1, 2025 by Daniel Muehlbachler-Pietrzykowski
proxmoxve.Network.FirewallSecurityGroup
Explore with Pulumi AI
Proxmox Virtual Environment (Proxmox VE) v7.0.0 published on Tuesday, Apr 1, 2025 by Daniel Muehlbachler-Pietrzykowski
A security group is a collection of rules, defined at cluster level, which can be used in all VMs’ rules. For example, you can define a group named “webserver” with rules to open the http and https ports.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as proxmoxve from "@muhlba91/pulumi-proxmoxve";
const webserver = new proxmoxve.network.FirewallSecurityGroup("webserver", {
comment: "Managed by Pulumi",
rules: [
{
action: "ACCEPT",
comment: "Allow HTTP",
dest: "192.168.1.5",
dport: "80",
log: "info",
proto: "tcp",
type: "in",
},
{
action: "ACCEPT",
comment: "Allow HTTPS",
dest: "192.168.1.5",
dport: "443",
log: "info",
proto: "tcp",
type: "in",
},
],
});
import pulumi
import pulumi_proxmoxve as proxmoxve
webserver = proxmoxve.network.FirewallSecurityGroup("webserver",
comment="Managed by Pulumi",
rules=[
{
"action": "ACCEPT",
"comment": "Allow HTTP",
"dest": "192.168.1.5",
"dport": "80",
"log": "info",
"proto": "tcp",
"type": "in",
},
{
"action": "ACCEPT",
"comment": "Allow HTTPS",
"dest": "192.168.1.5",
"dport": "443",
"log": "info",
"proto": "tcp",
"type": "in",
},
])
package main
import (
"github.com/muhlba91/pulumi-proxmoxve/sdk/v6/go/proxmoxve/network"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := network.NewFirewallSecurityGroup(ctx, "webserver", &network.FirewallSecurityGroupArgs{
Comment: pulumi.String("Managed by Pulumi"),
Rules: network.FirewallSecurityGroupRuleArray{
&network.FirewallSecurityGroupRuleArgs{
Action: pulumi.String("ACCEPT"),
Comment: pulumi.String("Allow HTTP"),
Dest: pulumi.String("192.168.1.5"),
Dport: pulumi.String("80"),
Log: pulumi.String("info"),
Proto: pulumi.String("tcp"),
Type: pulumi.String("in"),
},
&network.FirewallSecurityGroupRuleArgs{
Action: pulumi.String("ACCEPT"),
Comment: pulumi.String("Allow HTTPS"),
Dest: pulumi.String("192.168.1.5"),
Dport: pulumi.String("443"),
Log: pulumi.String("info"),
Proto: pulumi.String("tcp"),
Type: pulumi.String("in"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using ProxmoxVE = Pulumi.ProxmoxVE;
return await Deployment.RunAsync(() =>
{
var webserver = new ProxmoxVE.Network.FirewallSecurityGroup("webserver", new()
{
Comment = "Managed by Pulumi",
Rules = new[]
{
new ProxmoxVE.Network.Inputs.FirewallSecurityGroupRuleArgs
{
Action = "ACCEPT",
Comment = "Allow HTTP",
Dest = "192.168.1.5",
Dport = "80",
Log = "info",
Proto = "tcp",
Type = "in",
},
new ProxmoxVE.Network.Inputs.FirewallSecurityGroupRuleArgs
{
Action = "ACCEPT",
Comment = "Allow HTTPS",
Dest = "192.168.1.5",
Dport = "443",
Log = "info",
Proto = "tcp",
Type = "in",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.proxmoxve.Network.FirewallSecurityGroup;
import com.pulumi.proxmoxve.Network.FirewallSecurityGroupArgs;
import com.pulumi.proxmoxve.Network.inputs.FirewallSecurityGroupRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var webserver = new FirewallSecurityGroup("webserver", FirewallSecurityGroupArgs.builder()
.comment("Managed by Pulumi")
.rules(
FirewallSecurityGroupRuleArgs.builder()
.action("ACCEPT")
.comment("Allow HTTP")
.dest("192.168.1.5")
.dport("80")
.log("info")
.proto("tcp")
.type("in")
.build(),
FirewallSecurityGroupRuleArgs.builder()
.action("ACCEPT")
.comment("Allow HTTPS")
.dest("192.168.1.5")
.dport("443")
.log("info")
.proto("tcp")
.type("in")
.build())
.build());
}
}
resources:
webserver:
type: proxmoxve:Network:FirewallSecurityGroup
properties:
comment: Managed by Pulumi
rules:
- action: ACCEPT
comment: Allow HTTP
dest: 192.168.1.5
dport: '80'
log: info
proto: tcp
type: in
- action: ACCEPT
comment: Allow HTTPS
dest: 192.168.1.5
dport: '443'
log: info
proto: tcp
type: in
Create FirewallSecurityGroup Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new FirewallSecurityGroup(name: string, args: FirewallSecurityGroupArgs, opts?: CustomResourceOptions);@overload
def FirewallSecurityGroup(resource_name: str,
args: FirewallSecurityGroupArgs,
opts: Optional[ResourceOptions] = None)
@overload
def FirewallSecurityGroup(resource_name: str,
opts: Optional[ResourceOptions] = None,
rules: Optional[Sequence[_network.FirewallSecurityGroupRuleArgs]] = None,
comment: Optional[str] = None,
container_id: Optional[int] = None,
name: Optional[str] = None,
node_name: Optional[str] = None,
vm_id: Optional[int] = None)func NewFirewallSecurityGroup(ctx *Context, name string, args FirewallSecurityGroupArgs, opts ...ResourceOption) (*FirewallSecurityGroup, error)public FirewallSecurityGroup(string name, FirewallSecurityGroupArgs args, CustomResourceOptions? opts = null)public FirewallSecurityGroup(String name, FirewallSecurityGroupArgs args)
public FirewallSecurityGroup(String name, FirewallSecurityGroupArgs args, CustomResourceOptions options)
type: proxmoxve:Network:FirewallSecurityGroup
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args
This property is required. FirewallSecurityGroupArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args
This property is required. FirewallSecurityGroupArgs - The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. FirewallSecurityGroupArgs - The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. FirewallSecurityGroupArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. FirewallSecurityGroupArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var firewallSecurityGroupResource = new ProxmoxVE.Network.FirewallSecurityGroup("firewallSecurityGroupResource", new()
{
Rules = new[]
{
new ProxmoxVE.Network.Inputs.FirewallSecurityGroupRuleArgs
{
Action = "string",
Comment = "string",
Dest = "string",
Dport = "string",
Enabled = false,
Iface = "string",
Log = "string",
Macro = "string",
Pos = 0,
Proto = "string",
SecurityGroup = "string",
Source = "string",
Sport = "string",
Type = "string",
},
},
Comment = "string",
ContainerId = 0,
Name = "string",
NodeName = "string",
VmId = 0,
});
example, err := Network.NewFirewallSecurityGroup(ctx, "firewallSecurityGroupResource", &Network.FirewallSecurityGroupArgs{
Rules: network.FirewallSecurityGroupRuleArray{
&network.FirewallSecurityGroupRuleArgs{
Action: pulumi.String("string"),
Comment: pulumi.String("string"),
Dest: pulumi.String("string"),
Dport: pulumi.String("string"),
Enabled: pulumi.Bool(false),
Iface: pulumi.String("string"),
Log: pulumi.String("string"),
Macro: pulumi.String("string"),
Pos: pulumi.Int(0),
Proto: pulumi.String("string"),
SecurityGroup: pulumi.String("string"),
Source: pulumi.String("string"),
Sport: pulumi.String("string"),
Type: pulumi.String("string"),
},
},
Comment: pulumi.String("string"),
ContainerId: pulumi.Int(0),
Name: pulumi.String("string"),
NodeName: pulumi.String("string"),
VmId: pulumi.Int(0),
})
var firewallSecurityGroupResource = new FirewallSecurityGroup("firewallSecurityGroupResource", FirewallSecurityGroupArgs.builder()
.rules(FirewallSecurityGroupRuleArgs.builder()
.action("string")
.comment("string")
.dest("string")
.dport("string")
.enabled(false)
.iface("string")
.log("string")
.macro("string")
.pos(0)
.proto("string")
.securityGroup("string")
.source("string")
.sport("string")
.type("string")
.build())
.comment("string")
.containerId(0)
.name("string")
.nodeName("string")
.vmId(0)
.build());
firewall_security_group_resource = proxmoxve.network.FirewallSecurityGroup("firewallSecurityGroupResource",
rules=[{
"action": "string",
"comment": "string",
"dest": "string",
"dport": "string",
"enabled": False,
"iface": "string",
"log": "string",
"macro": "string",
"pos": 0,
"proto": "string",
"security_group": "string",
"source": "string",
"sport": "string",
"type": "string",
}],
comment="string",
container_id=0,
name="string",
node_name="string",
vm_id=0)
const firewallSecurityGroupResource = new proxmoxve.network.FirewallSecurityGroup("firewallSecurityGroupResource", {
rules: [{
action: "string",
comment: "string",
dest: "string",
dport: "string",
enabled: false,
iface: "string",
log: "string",
macro: "string",
pos: 0,
proto: "string",
securityGroup: "string",
source: "string",
sport: "string",
type: "string",
}],
comment: "string",
containerId: 0,
name: "string",
nodeName: "string",
vmId: 0,
});
type: proxmoxve:Network:FirewallSecurityGroup
properties:
comment: string
containerId: 0
name: string
nodeName: string
rules:
- action: string
comment: string
dest: string
dport: string
enabled: false
iface: string
log: string
macro: string
pos: 0
proto: string
securityGroup: string
source: string
sport: string
type: string
vmId: 0
FirewallSecurityGroup Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The FirewallSecurityGroup resource accepts the following input properties:
- Rules
List<Pulumi.
This property is required. 
Changes to this property will trigger replacement.Proxmox VE. Network. Inputs. Firewall Security Group Rule> - Firewall rule block (multiple blocks supported).
- Comment string
- Security group comment.
- Container
Id int - The ID of the container to manage the firewall for.
- Name string
- Security group name.
- Node
Name string - The name of the node.
- Vm
Id int - The ID of the VM to manage the firewall for.
- Rules
[]Firewall
This property is required. Changes to this property will trigger replacement.Security Group Rule Args - Firewall rule block (multiple blocks supported).
- Comment string
- Security group comment.
- Container
Id int - The ID of the container to manage the firewall for.
- Name string
- Security group name.
- Node
Name string - The name of the node.
- Vm
Id int - The ID of the VM to manage the firewall for.
- rules
List<Firewall
This property is required. Changes to this property will trigger replacement.Security Group Rule> - Firewall rule block (multiple blocks supported).
- comment String
- Security group comment.
- container
Id Integer - The ID of the container to manage the firewall for.
- name String
- Security group name.
- node
Name String - The name of the node.
- vm
Id Integer - The ID of the VM to manage the firewall for.
- rules
Firewall
This property is required. Changes to this property will trigger replacement.Security Group Rule[] - Firewall rule block (multiple blocks supported).
- comment string
- Security group comment.
- container
Id number - The ID of the container to manage the firewall for.
- name string
- Security group name.
- node
Name string - The name of the node.
- vm
Id number - The ID of the VM to manage the firewall for.
- rules
Sequence[network.
This property is required. Changes to this property will trigger replacement.Firewall Security Group Rule Args] - Firewall rule block (multiple blocks supported).
- comment str
- Security group comment.
- container_
id int - The ID of the container to manage the firewall for.
- name str
- Security group name.
- node_
name str - The name of the node.
- vm_
id int - The ID of the VM to manage the firewall for.
- rules
List<Property Map>
This property is required. Changes to this property will trigger replacement. - Firewall rule block (multiple blocks supported).
- comment String
- Security group comment.
- container
Id Number - The ID of the container to manage the firewall for.
- name String
- Security group name.
- node
Name String - The name of the node.
- vm
Id Number - The ID of the VM to manage the firewall for.
Outputs
All input properties are implicitly available as output properties. Additionally, the FirewallSecurityGroup resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing FirewallSecurityGroup Resource
Get an existing FirewallSecurityGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: FirewallSecurityGroupState, opts?: CustomResourceOptions): FirewallSecurityGroup@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
comment: Optional[str] = None,
container_id: Optional[int] = None,
name: Optional[str] = None,
node_name: Optional[str] = None,
rules: Optional[Sequence[_network.FirewallSecurityGroupRuleArgs]] = None,
vm_id: Optional[int] = None) -> FirewallSecurityGroupfunc GetFirewallSecurityGroup(ctx *Context, name string, id IDInput, state *FirewallSecurityGroupState, opts ...ResourceOption) (*FirewallSecurityGroup, error)public static FirewallSecurityGroup Get(string name, Input<string> id, FirewallSecurityGroupState? state, CustomResourceOptions? opts = null)public static FirewallSecurityGroup get(String name, Output<String> id, FirewallSecurityGroupState state, CustomResourceOptions options)resources: _: type: proxmoxve:Network:FirewallSecurityGroup get: id: ${id}- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Comment string
- Security group comment.
- Container
Id int - The ID of the container to manage the firewall for.
- Name string
- Security group name.
- Node
Name string - The name of the node.
- Rules
Proxmox VE. Network. Inputs. Firewall Security Group Rule> - Firewall rule block (multiple blocks supported).
- Vm
Id int - The ID of the VM to manage the firewall for.
- Comment string
- Security group comment.
- Container
Id int - The ID of the container to manage the firewall for.
- Name string
- Security group name.
- Node
Name string - The name of the node.
- Rules
Security Group Rule Args - Firewall rule block (multiple blocks supported).
- Vm
Id int - The ID of the VM to manage the firewall for.
- comment String
- Security group comment.
- container
Id Integer - The ID of the container to manage the firewall for.
- name String
- Security group name.
- node
Name String - The name of the node.
- rules
Security Group Rule> - Firewall rule block (multiple blocks supported).
- vm
Id Integer - The ID of the VM to manage the firewall for.
- comment string
- Security group comment.
- container
Id number - The ID of the container to manage the firewall for.
- name string
- Security group name.
- node
Name string - The name of the node.
- rules
Security Group Rule[] - Firewall rule block (multiple blocks supported).
- vm
Id number - The ID of the VM to manage the firewall for.
- comment str
- Security group comment.
- container_
id int - The ID of the container to manage the firewall for.
- name str
- Security group name.
- node_
name str - The name of the node.
- rules
Firewall Security Group Rule Args] - Firewall rule block (multiple blocks supported).
- vm_
id int - The ID of the VM to manage the firewall for.
- comment String
- Security group comment.
- container
Id Number - The ID of the container to manage the firewall for.
- name String
- Security group name.
- node
Name String - The name of the node.
- rules
- Firewall rule block (multiple blocks supported).
- vm
Id Number - The ID of the VM to manage the firewall for.
Supporting Types
FirewallSecurityGroupRule, FirewallSecurityGroupRuleArgs
, FirewallSecurityGroupRuleArgs
- Action string
- Rule action (
ACCEPT,DROP,REJECT). - Comment string
- Rule comment.
- Dest string
- Restrict packet destination address. This can refer to
a single IP address, an IP set ('+ipsetname') or an IP alias
definition. You can also specify an address range like
20.34.101.207-201.3.9.99, or a list of IP addresses and networks (entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists. - Dport string
- Restrict TCP/UDP destination port. You can use
service names or simple numbers (0-65535), as defined in '/etc/
services'. Port ranges can be specified with '\d+:\d+', for example
80:85, and you can use comma separated list to match several ports or ranges. - Enabled bool
- Enable rule
- Iface string
- Network interface name. You have to use network configuration key names for VMs and containers ('net\d+'). Host related rules can use arbitrary strings.
- Log string
- Log level for this rule (
emerg,alert,crit,err,warning,notice,info,debug,nolog). - Macro string
- Macro name. Use predefined standard macro from https://pve.proxmox.com/pve-docs/pve-admin-guide.html#_firewall_macro_definitions
- Pos int
- Position of the rule in the list.
- Proto string
- Restrict packet protocol. You can use protocol names as defined in '/etc/protocols'.
- Security
Group - Security group name
- Source string
- Restrict packet source address. This can refer
to a single IP address, an IP set ('+ipsetname') or an IP alias
definition. You can also specify an address range like
20.34.101.207-201.3.9.99, or a list of IP addresses and networks ( entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists. - Sport string
- Restrict TCP/UDP source port. You can use
service names or simple numbers (0-65535), as defined in '/etc/
services'. Port ranges can be specified with '\d+:\d+', for example
80:85, and you can use comma separated list to match several ports or ranges. - Type string
- Rule type (
in,out).
- Action string
- Rule action (
ACCEPT,DROP,REJECT). - Comment string
- Rule comment.
- Dest string
- Restrict packet destination address. This can refer to
a single IP address, an IP set ('+ipsetname') or an IP alias
definition. You can also specify an address range like
20.34.101.207-201.3.9.99, or a list of IP addresses and networks (entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists. - Dport string
- Restrict TCP/UDP destination port. You can use
service names or simple numbers (0-65535), as defined in '/etc/
services'. Port ranges can be specified with '\d+:\d+', for example
80:85, and you can use comma separated list to match several ports or ranges. - Enabled bool
- Enable rule
- Iface string
- Network interface name. You have to use network configuration key names for VMs and containers ('net\d+'). Host related rules can use arbitrary strings.
- Log string
- Log level for this rule (
emerg,alert,crit,err,warning,notice,info,debug,nolog). - Macro string
- Macro name. Use predefined standard macro from https://pve.proxmox.com/pve-docs/pve-admin-guide.html#_firewall_macro_definitions
- Pos int
- Position of the rule in the list.
- Proto string
- Restrict packet protocol. You can use protocol names as defined in '/etc/protocols'.
- Security
Group - Security group name
- Source string
- Restrict packet source address. This can refer
to a single IP address, an IP set ('+ipsetname') or an IP alias
definition. You can also specify an address range like
20.34.101.207-201.3.9.99, or a list of IP addresses and networks ( entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists. - Sport string
- Restrict TCP/UDP source port. You can use
service names or simple numbers (0-65535), as defined in '/etc/
services'. Port ranges can be specified with '\d+:\d+', for example
80:85, and you can use comma separated list to match several ports or ranges. - Type string
- Rule type (
in,out).
- action String
- Rule action (
ACCEPT,DROP,REJECT). - comment String
- Rule comment.
- dest String
- Restrict packet destination address. This can refer to
a single IP address, an IP set ('+ipsetname') or an IP alias
definition. You can also specify an address range like
20.34.101.207-201.3.9.99, or a list of IP addresses and networks (entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists. - dport String
- Restrict TCP/UDP destination port. You can use
service names or simple numbers (0-65535), as defined in '/etc/
services'. Port ranges can be specified with '\d+:\d+', for example
80:85, and you can use comma separated list to match several ports or ranges. - enabled Boolean
- Enable rule
- iface String
- Network interface name. You have to use network configuration key names for VMs and containers ('net\d+'). Host related rules can use arbitrary strings.
- log String
- Log level for this rule (
emerg,alert,crit,err,warning,notice,info,debug,nolog). - macro String
- Macro name. Use predefined standard macro from https://pve.proxmox.com/pve-docs/pve-admin-guide.html#_firewall_macro_definitions
- pos Integer
- Position of the rule in the list.
- proto String
- Restrict packet protocol. You can use protocol names as defined in '/etc/protocols'.
- security
Group - Security group name
- source String
- Restrict packet source address. This can refer
to a single IP address, an IP set ('+ipsetname') or an IP alias
definition. You can also specify an address range like
20.34.101.207-201.3.9.99, or a list of IP addresses and networks ( entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists. - sport String
- Restrict TCP/UDP source port. You can use
service names or simple numbers (0-65535), as defined in '/etc/
services'. Port ranges can be specified with '\d+:\d+', for example
80:85, and you can use comma separated list to match several ports or ranges. - type String
- Rule type (
in,out).
- action string
- Rule action (
ACCEPT,DROP,REJECT). - comment string
- Rule comment.
- dest string
- Restrict packet destination address. This can refer to
a single IP address, an IP set ('+ipsetname') or an IP alias
definition. You can also specify an address range like
20.34.101.207-201.3.9.99, or a list of IP addresses and networks (entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists. - dport string
- Restrict TCP/UDP destination port. You can use
service names or simple numbers (0-65535), as defined in '/etc/
services'. Port ranges can be specified with '\d+:\d+', for example
80:85, and you can use comma separated list to match several ports or ranges. - enabled boolean
- Enable rule
- iface string
- Network interface name. You have to use network configuration key names for VMs and containers ('net\d+'). Host related rules can use arbitrary strings.
- log string
- Log level for this rule (
emerg,alert,crit,err,warning,notice,info,debug,nolog). - macro string
- Macro name. Use predefined standard macro from https://pve.proxmox.com/pve-docs/pve-admin-guide.html#_firewall_macro_definitions
- pos number
- Position of the rule in the list.
- proto string
- Restrict packet protocol. You can use protocol names as defined in '/etc/protocols'.
- security
Group - Security group name
- source string
- Restrict packet source address. This can refer
to a single IP address, an IP set ('+ipsetname') or an IP alias
definition. You can also specify an address range like
20.34.101.207-201.3.9.99, or a list of IP addresses and networks ( entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists. - sport string
- Restrict TCP/UDP source port. You can use
service names or simple numbers (0-65535), as defined in '/etc/
services'. Port ranges can be specified with '\d+:\d+', for example
80:85, and you can use comma separated list to match several ports or ranges. - type string
- Rule type (
in,out).
- action str
- Rule action (
ACCEPT,DROP,REJECT). - comment str
- Rule comment.
- dest str
- Restrict packet destination address. This can refer to
a single IP address, an IP set ('+ipsetname') or an IP alias
definition. You can also specify an address range like
20.34.101.207-201.3.9.99, or a list of IP addresses and networks (entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists. - dport str
- Restrict TCP/UDP destination port. You can use
service names or simple numbers (0-65535), as defined in '/etc/
services'. Port ranges can be specified with '\d+:\d+', for example
80:85, and you can use comma separated list to match several ports or ranges. - enabled bool
- Enable rule
- iface str
- Network interface name. You have to use network configuration key names for VMs and containers ('net\d+'). Host related rules can use arbitrary strings.
- log str
- Log level for this rule (
emerg,alert,crit,err,warning,notice,info,debug,nolog). - macro str
- Macro name. Use predefined standard macro from https://pve.proxmox.com/pve-docs/pve-admin-guide.html#_firewall_macro_definitions
- pos int
- Position of the rule in the list.
- proto str
- Restrict packet protocol. You can use protocol names as defined in '/etc/protocols'.
- security_
group - Security group name
- source str
- Restrict packet source address. This can refer
to a single IP address, an IP set ('+ipsetname') or an IP alias
definition. You can also specify an address range like
20.34.101.207-201.3.9.99, or a list of IP addresses and networks ( entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists. - sport str
- Restrict TCP/UDP source port. You can use
service names or simple numbers (0-65535), as defined in '/etc/
services'. Port ranges can be specified with '\d+:\d+', for example
80:85, and you can use comma separated list to match several ports or ranges. - type str
- Rule type (
in,out).
- action String
- Rule action (
ACCEPT,DROP,REJECT). - comment String
- Rule comment.
- dest String
- Restrict packet destination address. This can refer to
a single IP address, an IP set ('+ipsetname') or an IP alias
definition. You can also specify an address range like
20.34.101.207-201.3.9.99, or a list of IP addresses and networks (entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists. - dport String
- Restrict TCP/UDP destination port. You can use
service names or simple numbers (0-65535), as defined in '/etc/
services'. Port ranges can be specified with '\d+:\d+', for example
80:85, and you can use comma separated list to match several ports or ranges. - enabled Boolean
- Enable rule
- iface String
- Network interface name. You have to use network configuration key names for VMs and containers ('net\d+'). Host related rules can use arbitrary strings.
- log String
- Log level for this rule (
emerg,alert,crit,err,warning,notice,info,debug,nolog). - macro String
- Macro name. Use predefined standard macro from https://pve.proxmox.com/pve-docs/pve-admin-guide.html#_firewall_macro_definitions
- pos Number
- Position of the rule in the list.
- proto String
- Restrict packet protocol. You can use protocol names as defined in '/etc/protocols'.
- security
Group - Security group name
- source String
- Restrict packet source address. This can refer
to a single IP address, an IP set ('+ipsetname') or an IP alias
definition. You can also specify an address range like
20.34.101.207-201.3.9.99, or a list of IP addresses and networks ( entries are separated by comma). Please do not mix IPv4 and IPv6 addresses inside such lists. - sport String
- Restrict TCP/UDP source port. You can use
service names or simple numbers (0-65535), as defined in '/etc/
services'. Port ranges can be specified with '\d+:\d+', for example
80:85, and you can use comma separated list to match several ports or ranges. - type String
- Rule type (
in,out).
Import
Instances can be imported using the name, e.g.,
bash
$ pulumi import proxmoxve:Network/firewallSecurityGroup:FirewallSecurityGroup webserver webserver
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- proxmoxve muhlba91/pulumi-proxmoxve
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
proxmoxTerraform Provider.
Proxmox Virtual Environment (Proxmox VE) v7.0.0 published on Tuesday, Apr 1, 2025 by Daniel Muehlbachler-Pietrzykowski