The issue

When enabling the firewall at the data center level, access to the WebGUI (port 8006) and SSH (port 22) was blocked from my local network, even though the documentation states it shouldn’t be.

The fix

On a node, configure /etc/pve/firewall/cluster.fw like so:

[OPTIONS]
enable: 1

[RULES]

IN ACCEPT -p icmp -log nolog
IN ACCEPT -source 192.168.1.0/24 -p tcp -dport 8006 -log nolog
IN SSH(ACCEPT) -source 192.168.1.0/24 -log nolog

After writing the changes, the firewall will be enabled and access from the local network allowed.

Explanation

This allows for access to SSH and the WebGUI from the local network (my local network is the 192.168.1.0/24 block) and accepts ICMP for using ping.

As an alternative, you could replace the ICMP rule with IN ACCEPT -source 192.168.1.0/24 -p icmp -log nolog to only allow pinging the hosts from the local network.
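
A pre-flight check for the rules above, added here as an example and not part of the original post: it parses a cluster.fw text and reports whether a given client address would still reach ports 8006 and 22 through an explicit rule. Assumptions: the function names are hypothetical, only literal IP/CIDR sources and the SSH macro are understood, options such as -dest are ignored, and traffic matching no rule is treated as dropped.

```python
import ipaddress
import shlex
# Constructed sample: the cluster.fw rules shown above.
SAMPLE = """[OPTIONS]
enable: 1
[RULES]
IN ACCEPT -p icmp -log nolog
IN ACCEPT -source 192.168.1.0/24 -p tcp -dport 8006 -log nolog
IN SSH(ACCEPT) -source 192.168.1.0/24 -log nolog
"""
MACRO_PORTS = {"SSH": 22}  # only the macro this page uses

def parse_rules(text):
    """Yield (action, macro, opts) for each enabled IN rule under [RULES]."""
    section = ""
    for line in map(str.strip, text.splitlines()):
        tok = shlex.split(line, comments=True)
        if line.startswith("["):
            section = line.strip("[]").upper()
        elif section == "RULES" and len(tok) > 1 and tok[0].upper() == "IN":
            # A disabled rule starts with '|', so its first token is not 'IN'.
            macro, _, action = tok[1].rstrip(")").rpartition("(")
            yield action.upper(), macro.upper(), dict(zip(tok[2::2], tok[3::2]))

def source_ok(opts, client):
    for part in opts.get("-source", "0.0.0.0/0,::/0").split(","):
        try:
            if client in ipaddress.ip_network(part, strict=False):
                return True
        except ValueError:  # alias, range or +ipset: not resolved (assumption)
            pass
    return False

def port_ok(opts, macro, port):
    if macro:
        return MACRO_PORTS.get(macro) == port
    if opts.get("-p", "tcp") != "tcp":
        return False
    ranges = [p.split(":") for p in opts.get("-dport", "0:65535").split(",")]
    return any(int(r[0]) <= port <= int(r[-1]) for r in ranges
               if r[0].isdigit() and r[-1].isdigit())

def reachable(text, client_ip, ports=(8006, 22)):
    client, rules = ipaddress.ip_address(client_ip), list(parse_rules(text))
    verdict = dict.fromkeys(ports, False)  # no match: treated as dropped (assumption)
    for port in ports:
        for action, macro, opts in rules:  # first matching rule decides
            if source_ok(opts, client) and port_ok(opts, macro, port):
                verdict[port] = action == "ACCEPT"
                break
    return verdict
```

Running reachable() on the candidate file with your own workstation address before setting enable: 1 shows whether the management ports stay open for that address.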


I am new to Proxmox, so if there is a better solution let me know!