Skip to content

Deactivate Proxmox Firewall via Command Line: This is how it works

The Proxmox firewall protects your virtualization environment and ensures security. However, sometimes it is necessary to deactivate it temporarily – for example during maintenance work or for troubleshooting. In this guide, I will show you how to simply deactivate the Proxmox firewall via the command line and reactivate it later.

firewall 146529 1920 1024x512 1

Why should you deactivate the firewall?

There are situations in which it makes sense to temporarily switch off the firewall:

  • Solve problems: If you have connection problems, you can check whether the firewall is the cause by deactivating it.
  • Maintenance: Changes to the network configuration or updates sometimes require a deactivated firewall.
  • Tests: In certain test environments, you need unrestricted network access.

Note: A deactivated firewall exposes your system to potential attacks. Make sure that you reactivate it after your work.

What you need

Before you get started, you should ensure the following:

  • You have access to the Proxmox CLI (locally or via SSH).
  • You have root rights or can execute commands with sudo.
  • You are connected to a secure network.

Step-by-step instructions

1. log in to your server

Connect to your Proxmox server via SSH or directly via the console:

ssh  root@<IPaddress>

2. check the firewall status

Before you deactivate the firewall, you can check whether it is active:

pve-firewall status

The output shows you whether the firewall is running(enabled/running).

3. deactivate the firewall

To switch off the firewall completely, execute this command:

pve-firewall stop

4. deactivate the autostart of the firewall

To prevent the firewall from being reactivated automatically after restarting your server, switch off the autostart:

systemctl disable  pve-firewall

5. optional: deactivate firewall for a specific node

If you only want to deactivate the firewall on a specific node, you can do this with the following command:

pve-firewall set  0

0 stands for “deactivated”.

Reactivate firewall

Once you have completed your work, you should switch the firewall back on to protect your system:

  1. Start the firewall: pve-firewall start
  2. Activate the autostart: systemctl enable pve-firewall
  3. Check the status: pve-firewall status

Deactivate Proxmox Firewall permanently

If you want to deactivate the Proxmox firewall not just temporarily, but permanently, you can do this in just a few steps. In doing so, you ensure that the firewall is not reactivated even after restarting your server.

How to deactivate the firewall permanently

  1. Stop firewall service
    First, stop the current firewall service: pve-firewall stop
  2. Disable autostart of the firewall service
    To prevent the firewall from being reactivated the next time you restart your server, switch off the autostart: systemctl disable pve-firewall
  3. Check configuration (optional)
    You can ensure that the firewall remains disabled for future sessions by checking the status: systemctl is-enabled pve-firewall If the firewall has been successfully disabled, the output should be disabled.

Safety note

Permanently deactivating the firewall is only recommended if you have implemented alternative security measures such as firewalls at network level or other protection mechanisms. Without an active firewall, your Proxmox server is more susceptible to attacks.

If you want to reactivate the firewall permanently later, you can simply undo this:

  • Start the service: pve-firewall start
  • Activate the autostart: systemctl enable pve-firewall

With these steps you can customize the Proxmox Firewall securely and permanently to your requirements.

Deactivate Proxmox Firewall permanently via the configuration file

Another way to permanently deactivate the Proxmox firewall is to adjust the configuration directly in the corresponding file. This prevents the firewall from being reactivated after a restart or an update.

Instructions for deactivation via the configuration file

  1. Stopping the firewall service
    Before you adjust the configuration file, you should stop the current firewall service: pve-firewall stop
  2. Editing the configuration file
    Open the file /etc/pve/firewall/cluster.fw with a text editor: nano /etc/pve/firewall/cluster.fw
  3. Deactivate firewall
    Search the file for the line enable: 1 Change the value from 1 to 0 so that the line looks like this: enable: 0
  4. Save changes
    Save the file and close the editor. (In nano, press CTRL + O, then ENTER and finally CTRL + X.)
  5. Check firewall service (optional)
    Make sure that the firewall settings have been applied by checking the status: pve-firewall status

Note on updates and restarts

This method ensures that the firewall remains deactivated even after a restart or an update of a package that affects the pve-firewall service.

With this method and the other options mentioned above, you can flexibly adapt the Proxmox firewall to your requirements. Don’t forget to implement other security measures to protect your system if necessary.

Conclusion

Disabling the Proxmox firewall via the command line is easy and useful for special scenarios such as maintenance work or tests. But don’t forget to reactivate it after you have finished your work to ensure the security of your environment.

Do you have further questions or want to learn more about Proxmox? Check out our other tutorials!

Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *