Book Image

Mastering Proxmox - Third Edition

By : Wasim Ahmed
Book Image

Mastering Proxmox - Third Edition

By: Wasim Ahmed

Overview of this book

Proxmox is an open source server virtualization solution that has enterprise-class features for managing virtual machines, for storage, and to virtualize both Linux and Windows application workloads. You'll begin with a refresher on the advanced installation features and the Proxmox GUI to familiarize yourself with the Proxmox VE hypervisor. Then, you'll move on to explore Proxmox under the hood, focusing on storage systems, such as Ceph, used with Proxmox. Moving on, you'll learn to manage KVM virtual machines, deploy Linux containers fast, and see how networking is handled in Proxmox. You'll also learn how to protect a cluster or a VM with a firewall and explore the new high availability features introduced in Proxmox VE 5.0. Next, you'll dive deeper into the backup/restore strategy and see how to properly update and upgrade a Proxmox node. Later, you'll learn how to monitor a Proxmox cluster and all of its components using Zabbix. Finally, you'll discover how to recover Promox from disaster strikes through some real-world examples. By the end of the book, you'll be an expert at making Proxmox work in production environments with minimal downtime.
Table of Contents (23 chapters)
Title Page
Credits
About the Author
About the Reviewers
www.PacktPub.com
Customer Feedback
Preface

Chapter 9. The Proxmox VE Firewall

The Proxmox VE firewall is a security feature that allows easy and effective protection of a virtual environment for both internal and external network traffic. By leveraging this firewall, we can protect VMs, host nodes, or the entire cluster by creating firewall rules. By creating rules at the virtual machine level, we can provide total isolation for VM-to-VM network traffic, including VM-to-external traffic. Prior to the Proxmox VE firewall, security and isolation were not possible at the hypervisor level. Keep in mind that the built-in Proxmox firewall should not be a substitute for a VM-level firewall. We must still apply a firewall policy inside a guest VM, but the hypervisor-level firewall provides an added layer of protection should the VM operating system firewall be misconfigured or not configured at all. This also creates added management overhead because network administrators or managers must now open or close ports or apply firewall policies...