Proxmox firewall IPSets

Proxmox is my hypervisor of choice and one of the great features it has is the ability to easily define IP sets that you can later use on firewall rules for your hosted VMs and containers.

I don't expose any of my services to the internet, so one might wonder why would this feature be of any use to me? It just so happens that a couple of days ago my son came to me "bragging" that he hacked my Jellyfin installation and that he had full access to all the content available on that box.

What actually happened was that he clicked on the windows network link of his file explorer and lo and behold my Turnkey Linux media server was readily available as a streaming device, which of course was expected behavior.

There's nothing wrong with any of the above except the fact that this young man has a tendency to download all sorts of hacked, patched and generally dangerous applications off the internet despite my pleas and sensible advice.

What came next was me creating an IP set of all my machines with their LAN IPs and using that as an allowed connection source to each individual vm and container, including Jellyfin of course, while blocking everything else.

The beauty of this feature is that you have a single spot of control where you can define your rules and manage them easily without entering each box individually making the experience fast and efficient.

If you happen to use this amazing, kernel based hypervisor frontend have a look around the complete feature set, I'm betting you'll find a few other hidden gems that make your sysadmin life a bit easier.