Implement Inter-VLAN Firewall with iptables on Proxmox
Implements the default-deny inter-VLAN firewall on a Proxmox host with iptables, aligned with ADR-0103. The FORWARD chain's policy is DROP; everything that crosses a VLAN boundary must be explicitly allowed, and because iptables evaluates rules in order with first match winning, the order of the rule set is part of the policy. Covers a stateful baseline (accept ESTABLISHED,RELATED, drop INVALID), ordered rules for management access, observability scrape paths and per-environment isolation, a MASQUERADE NAT rule per subnet scoped to the uplink, and rule persistence across reboots. The same rule set is managed by the Ansible proxmox-firewall role in production, so manual changes on a host should be mirrored there or they will be overwritten on the next run.
What this covers:
- Default-deny FORWARD policy with stateful connection tracking as the foundation
- Ordered rule set: full access from the management VLAN, only the scrape ports from the observability VLAN, and no traffic between environment VLANs
- Per-subnet MASQUERADE NAT on the uplink interface
- Rule persistence across reboots with iptables-persistent, kept in step with the production Ansible role