pve-firewall

Compile and print all firewall rules

$ pve-firewall compile

$ pve-firewall localnet

$ pve-firewall restart

$ pve-firewall start

$ pve-firewall stop

$ pve-firewall simulate

$ pve-firewall status

pve-firewall command [options]

pve-firewall manages the Proxmox VE distributed firewall. It generates iptables rules based on cluster-wide and per-VM/container configurations. The firewall can be configured at datacenter, node, VM, and container levels.
The compile and simulate commands are useful for debugging firewall configurations before applying them. The firewall supports rule sets, IP sets, aliases, and security groups for organized configuration management.

compile, c

Compile and print all firewall rules

Show local network information

Restart the firewall service

Start the firewall service

Stop the firewall service

Simulate firewall rules without applying

Show firewall service status

Firewall rules are cluster-wide configuration stored in pmxcfs. Changes may affect all cluster nodes. Misconfiguration can lock out management access; ensure a working console connection before major changes.

Part of Proxmox VE, providing integrated firewall management for virtualization environments. Builds on iptables/nftables and integrates with Proxmox's cluster filesystem for distributed configuration.

qm(1), pct(1), pvesh(1)