Open Jurka007 opened 1 month ago
One way to achieve that is to create Security Rules and add that group to the node.
A good thing about Security Groups is the rule order: the rules are applied on the host in the same order as you declared them. If you declare the rules like in the following code snippet, the order will change every time you run terraform/tofu apply (which can lead to issues because the higher rule takes precedence over the lower one):
```hcl
# A rule declared directly (outside a security group); ordering of such rules
# is not preserved across applies
rule {
  type    = "in"
  action  = "ACCEPT"
  comment = "Allow HTTPS"
  dest    = "192.168.1.5"
  dport   = "443"
  proto   = "tcp"
  log     = "info"
}
```
Here are some resources that helped me:
https://registry.terraform.io/providers/bpg/proxmox/latest/docs/resources/virtual_environment_firewall_rules#rule
https://pve.proxmox.com/wiki/Firewall#pve_firewall_security_groups
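The pattern described above (a cluster-level security group holding ordered rules, then attached to a node's firewall), as an added example that is not code from the issue thread or from the bpg/proxmox provider project. Resource and attribute names follow my reading of the provider documentation and should be treated as assumptions to check against the docs; the node name `pve1`, the addresses, and the group name `web-ingress` are placeholders. Putting the deny rule before the allow rule is deliberate: it is the case where a reshuffled order would silently change what the host accepts.

```hcl
# Added example, not from the issue thread or the provider project.
# Resource/attribute names are assumptions based on the bpg/proxmox docs;
# "pve1", "web-ingress" and all addresses are placeholders.

# Cluster-level security group: rules inside it keep their declared order on the host.
resource "proxmox_virtual_environment_cluster_firewall_security_group" "web_ingress" {
  name    = "web-ingress"
  comment = "Ordered ingress rules for the web tier"

  # Specific deny first: it must be evaluated before the broader allow below.
  rule {
    type    = "in"
    action  = "DROP"
    comment = "Drop one misbehaving client before the HTTPS allow rule"
    source  = "10.0.0.99"     # placeholder address
    dest    = "192.168.1.5"   # placeholder web server
    dport   = "443"
    proto   = "tcp"
    log     = "warning"
  }

  # Broader allow, evaluated only after the deny above.
  rule {
    type    = "in"
    action  = "ACCEPT"
    comment = "Allow HTTPS"
    dest    = "192.168.1.5"
    dport   = "443"
    proto   = "tcp"
    log     = "info"
  }
}

# Node-level attachment: node_name is set and vm_id / container_id are omitted.
# Assumption: with no vm_id the provider targets the node firewall; verify
# against the provider docs before relying on it.
resource "proxmox_virtual_environment_firewall_rules" "pve1_node" {
  depends_on = [proxmox_virtual_environment_cluster_firewall_security_group.web_ingress]
  node_name  = "pve1"   # placeholder node name

  rule {
    security_group = proxmox_virtual_environment_cluster_firewall_security_group.web_ingress.name
    comment        = "Apply the ordered web ingress group"
  }
}
```

After `terraform apply`, compare the order shown by the Proxmox UI (or `pvesh get /cluster/firewall/groups/web-ingress`) with the declaration order on a second apply; with the group, the order should be stable, which is the property the direct-rule snippet above lacks.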
Ah, I see now, it's a little bit confusing.
There are 3 levels: Cluster, Node and VM.
On each level you can add rules, but only at cluster level can you add groups, which you can then use at Node and VM level.
So it should be possible to add the groups using the proxmox_virtual_environment_firewall_rules resource based on the node_name and vm_id arguments - but I did not test this yet, e.g. whether the rule/group will be added at node level if I leave vm_id empty 🤷
There are also IPSets and aliases, but only at Cluster and VM level.
So based on the above, what is missing is the node firewall options resource to edit these options.
Would it be possible to add support for the /node/firewall API calls to manage the firewall at host level? So far I can see firewall support for cluster and VM.
Both options and rules:
/api2/json/nodes/{node}/firewall/options
/api2/json/nodes/{node}/firewall/rules
🙏