1. Packages
  2. Proxmox Virtual Environment (Proxmox VE)
  3. API Docs
  4. Network
  5. Firewall
Proxmox Virtual Environment (Proxmox VE) v7.0.0 published on Tuesday, Apr 1, 2025 by Daniel Muehlbachler-Pietrzykowski

proxmoxve.Network.Firewall

Explore with Pulumi AI

Manages firewall options on the cluster level.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as proxmoxve from "@muhlba91/pulumi-proxmoxve";

const example = new proxmoxve.network.Firewall("example", {
    ebtables: false,
    enabled: false,
    inputPolicy: "DROP",
    logRatelimit: {
        burst: 10,
        enabled: false,
        rate: "5/second",
    },
    outputPolicy: "ACCEPT",
});
Copy
import pulumi
import pulumi_proxmoxve as proxmoxve

example = proxmoxve.network.Firewall("example",
    ebtables=False,
    enabled=False,
    input_policy="DROP",
    log_ratelimit={
        "burst": 10,
        "enabled": False,
        "rate": "5/second",
    },
    output_policy="ACCEPT")
Copy
package main

import (
	"github.com/muhlba91/pulumi-proxmoxve/sdk/v6/go/proxmoxve/network"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := network.NewFirewall(ctx, "example", &network.FirewallArgs{
			Ebtables:    pulumi.Bool(false),
			Enabled:     pulumi.Bool(false),
			InputPolicy: pulumi.String("DROP"),
			LogRatelimit: &network.FirewallLogRatelimitArgs{
				Burst:   pulumi.Int(10),
				Enabled: pulumi.Bool(false),
				Rate:    pulumi.String("5/second"),
			},
			OutputPolicy: pulumi.String("ACCEPT"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using ProxmoxVE = Pulumi.ProxmoxVE;

return await Deployment.RunAsync(() => 
{
    var example = new ProxmoxVE.Network.Firewall("example", new()
    {
        Ebtables = false,
        Enabled = false,
        InputPolicy = "DROP",
        LogRatelimit = new ProxmoxVE.Network.Inputs.FirewallLogRatelimitArgs
        {
            Burst = 10,
            Enabled = false,
            Rate = "5/second",
        },
        OutputPolicy = "ACCEPT",
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.proxmoxve.Network.Firewall;
import com.pulumi.proxmoxve.Network.FirewallArgs;
import com.pulumi.proxmoxve.Network.inputs.FirewallLogRatelimitArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new Firewall("example", FirewallArgs.builder()
            .ebtables(false)
            .enabled(false)
            .inputPolicy("DROP")
            .logRatelimit(FirewallLogRatelimitArgs.builder()
                .burst(10)
                .enabled(false)
                .rate("5/second")
                .build())
            .outputPolicy("ACCEPT")
            .build());

    }
}
Copy
resources:
  example:
    type: proxmoxve:Network:Firewall
    properties:
      ebtables: false
      enabled: false
      inputPolicy: DROP
      logRatelimit:
        burst: 10
        enabled: false
        rate: 5/second
      outputPolicy: ACCEPT
Copy

Create Firewall Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Firewall(name: string, args?: FirewallArgs, opts?: CustomResourceOptions);
@overload
def Firewall(resource_name: str,
             args: Optional[FirewallArgs] = None,
             opts: Optional[ResourceOptions] = None)

@overload
def Firewall(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             ebtables: Optional[bool] = None,
             enabled: Optional[bool] = None,
             input_policy: Optional[str] = None,
             log_ratelimit: Optional[_network.FirewallLogRatelimitArgs] = None,
             output_policy: Optional[str] = None)
func NewFirewall(ctx *Context, name string, args *FirewallArgs, opts ...ResourceOption) (*Firewall, error)
public Firewall(string name, FirewallArgs? args = null, CustomResourceOptions? opts = null)
public Firewall(String name, FirewallArgs args)
public Firewall(String name, FirewallArgs args, CustomResourceOptions options)
type: proxmoxve:Network:Firewall
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args FirewallArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args FirewallArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args FirewallArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args FirewallArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. FirewallArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var firewallResource = new ProxmoxVE.Network.Firewall("firewallResource", new()
{
    Ebtables = false,
    Enabled = false,
    InputPolicy = "string",
    LogRatelimit = new ProxmoxVE.Network.Inputs.FirewallLogRatelimitArgs
    {
        Burst = 0,
        Enabled = false,
        Rate = "string",
    },
    OutputPolicy = "string",
});
Copy
example, err := Network.NewFirewall(ctx, "firewallResource", &Network.FirewallArgs{
	Ebtables:    pulumi.Bool(false),
	Enabled:     pulumi.Bool(false),
	InputPolicy: pulumi.String("string"),
	LogRatelimit: &network.FirewallLogRatelimitArgs{
		Burst:   pulumi.Int(0),
		Enabled: pulumi.Bool(false),
		Rate:    pulumi.String("string"),
	},
	OutputPolicy: pulumi.String("string"),
})
Copy
var firewallResource = new Firewall("firewallResource", FirewallArgs.builder()
    .ebtables(false)
    .enabled(false)
    .inputPolicy("string")
    .logRatelimit(FirewallLogRatelimitArgs.builder()
        .burst(0)
        .enabled(false)
        .rate("string")
        .build())
    .outputPolicy("string")
    .build());
Copy
firewall_resource = proxmoxve.network.Firewall("firewallResource",
    ebtables=False,
    enabled=False,
    input_policy="string",
    log_ratelimit={
        "burst": 0,
        "enabled": False,
        "rate": "string",
    },
    output_policy="string")
Copy
const firewallResource = new proxmoxve.network.Firewall("firewallResource", {
    ebtables: false,
    enabled: false,
    inputPolicy: "string",
    logRatelimit: {
        burst: 0,
        enabled: false,
        rate: "string",
    },
    outputPolicy: "string",
});
Copy
type: proxmoxve:Network:Firewall
properties:
    ebtables: false
    enabled: false
    inputPolicy: string
    logRatelimit:
        burst: 0
        enabled: false
        rate: string
    outputPolicy: string
Copy

Firewall Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Firewall resource accepts the following input properties:

Ebtables bool
Enable ebtables rules cluster wide.
Enabled bool
Enable or disable the firewall cluster wide.
InputPolicy string
The default input policy (ACCEPT, DROP, REJECT).
LogRatelimit Pulumi.ProxmoxVE.Network.Inputs.FirewallLogRatelimit
The log rate limit.
OutputPolicy string
The default output policy (ACCEPT, DROP, REJECT).
Ebtables bool
Enable ebtables rules cluster wide.
Enabled bool
Enable or disable the firewall cluster wide.
InputPolicy string
The default input policy (ACCEPT, DROP, REJECT).
LogRatelimit FirewallLogRatelimitArgs
The log rate limit.
OutputPolicy string
The default output policy (ACCEPT, DROP, REJECT).
ebtables Boolean
Enable ebtables rules cluster wide.
enabled Boolean
Enable or disable the firewall cluster wide.
inputPolicy String
The default input policy (ACCEPT, DROP, REJECT).
logRatelimit FirewallLogRatelimit
The log rate limit.
outputPolicy String
The default output policy (ACCEPT, DROP, REJECT).
ebtables boolean
Enable ebtables rules cluster wide.
enabled boolean
Enable or disable the firewall cluster wide.
inputPolicy string
The default input policy (ACCEPT, DROP, REJECT).
logRatelimit FirewallLogRatelimit
The log rate limit.
outputPolicy string
The default output policy (ACCEPT, DROP, REJECT).
ebtables bool
Enable ebtables rules cluster wide.
enabled bool
Enable or disable the firewall cluster wide.
input_policy str
The default input policy (ACCEPT, DROP, REJECT).
log_ratelimit network.FirewallLogRatelimitArgs
The log rate limit.
output_policy str
The default output policy (ACCEPT, DROP, REJECT).
ebtables Boolean
Enable ebtables rules cluster wide.
enabled Boolean
Enable or disable the firewall cluster wide.
inputPolicy String
The default input policy (ACCEPT, DROP, REJECT).
logRatelimit Property Map
The log rate limit.
outputPolicy String
The default output policy (ACCEPT, DROP, REJECT).

Outputs

All input properties are implicitly available as output properties. Additionally, the Firewall resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.

Look up Existing Firewall Resource

Get an existing Firewall resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: FirewallState, opts?: CustomResourceOptions): Firewall
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        ebtables: Optional[bool] = None,
        enabled: Optional[bool] = None,
        input_policy: Optional[str] = None,
        log_ratelimit: Optional[_network.FirewallLogRatelimitArgs] = None,
        output_policy: Optional[str] = None) -> Firewall
func GetFirewall(ctx *Context, name string, id IDInput, state *FirewallState, opts ...ResourceOption) (*Firewall, error)
public static Firewall Get(string name, Input<string> id, FirewallState? state, CustomResourceOptions? opts = null)
public static Firewall get(String name, Output<String> id, FirewallState state, CustomResourceOptions options)
resources:  _:    type: proxmoxve:Network:Firewall    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Ebtables bool
Enable ebtables rules cluster wide.
Enabled bool
Enable or disable the firewall cluster wide.
InputPolicy string
The default input policy (ACCEPT, DROP, REJECT).
LogRatelimit Pulumi.ProxmoxVE.Network.Inputs.FirewallLogRatelimit
The log rate limit.
OutputPolicy string
The default output policy (ACCEPT, DROP, REJECT).
Ebtables bool
Enable ebtables rules cluster wide.
Enabled bool
Enable or disable the firewall cluster wide.
InputPolicy string
The default input policy (ACCEPT, DROP, REJECT).
LogRatelimit FirewallLogRatelimitArgs
The log rate limit.
OutputPolicy string
The default output policy (ACCEPT, DROP, REJECT).
ebtables Boolean
Enable ebtables rules cluster wide.
enabled Boolean
Enable or disable the firewall cluster wide.
inputPolicy String
The default input policy (ACCEPT, DROP, REJECT).
logRatelimit FirewallLogRatelimit
The log rate limit.
outputPolicy String
The default output policy (ACCEPT, DROP, REJECT).
ebtables boolean
Enable ebtables rules cluster wide.
enabled boolean
Enable or disable the firewall cluster wide.
inputPolicy string
The default input policy (ACCEPT, DROP, REJECT).
logRatelimit FirewallLogRatelimit
The log rate limit.
outputPolicy string
The default output policy (ACCEPT, DROP, REJECT).
ebtables bool
Enable ebtables rules cluster wide.
enabled bool
Enable or disable the firewall cluster wide.
input_policy str
The default input policy (ACCEPT, DROP, REJECT).
log_ratelimit network.FirewallLogRatelimitArgs
The log rate limit.
output_policy str
The default output policy (ACCEPT, DROP, REJECT).
ebtables Boolean
Enable ebtables rules cluster wide.
enabled Boolean
Enable or disable the firewall cluster wide.
inputPolicy String
The default input policy (ACCEPT, DROP, REJECT).
logRatelimit Property Map
The log rate limit.
outputPolicy String
The default output policy (ACCEPT, DROP, REJECT).

Supporting Types

FirewallLogRatelimit
, FirewallLogRatelimitArgs

Burst int
Initial burst of packages which will always get logged before the rate is applied (defaults to 5).
Enabled bool
Enable or disable the log rate limit.
Rate string
Frequency with which the burst bucket gets refilled (defaults to 1/second).
Burst int
Initial burst of packages which will always get logged before the rate is applied (defaults to 5).
Enabled bool
Enable or disable the log rate limit.
Rate string
Frequency with which the burst bucket gets refilled (defaults to 1/second).
burst Integer
Initial burst of packages which will always get logged before the rate is applied (defaults to 5).
enabled Boolean
Enable or disable the log rate limit.
rate String
Frequency with which the burst bucket gets refilled (defaults to 1/second).
burst number
Initial burst of packages which will always get logged before the rate is applied (defaults to 5).
enabled boolean
Enable or disable the log rate limit.
rate string
Frequency with which the burst bucket gets refilled (defaults to 1/second).
burst int
Initial burst of packages which will always get logged before the rate is applied (defaults to 5).
enabled bool
Enable or disable the log rate limit.
rate str
Frequency with which the burst bucket gets refilled (defaults to 1/second).
burst Number
Initial burst of packages which will always get logged before the rate is applied (defaults to 5).
enabled Boolean
Enable or disable the log rate limit.
rate String
Frequency with which the burst bucket gets refilled (defaults to 1/second).

Import

ant Notes

Be careful not to use this resource multiple times for the same node.

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
proxmoxve muhlba91/pulumi-proxmoxve
License
Apache-2.0
Notes
This Pulumi package is based on the proxmox Terraform Provider.