firewall

How to properly configure firewall in proxmox?

Good day.
I just can't figure out how to properly configure the firewall in Proxmox.
Given:
1) Server with Proxmox in hetzner.
Created two bridges on the server:

• vmbr0 for virtual machines with external ip
  
• vmbr1 for virtual machines with local ip. are behind NAT. ip are distributed from the dhcp server. (like 192.168.12.xxx)
  

There is a virtual machine with a shared folder with ip 192.168.12.2.
2) Office with mikrotik router.
3) A gre tunnel has been raised between the office and the proxmox server.
With the firewall turned off.
192.168.12.2 is pinged from the office and the shared folder is available.
Question. How can 192.168.12.2 be pinged if it is behind NAT?
When the firewall is enabled with the INPUT DROP
policy, 192.168.12.2 is NOT pinged from the office and the shared folder is NOT accessible.
Question. What rule should be written in the firewall so that 192.168.12.2 is accessible from the office network?
I suspect that when the firewall is enabled, gre traffic is cut.
But

iptables -I INPUT -p gre -j ACCEPT

doesn't solve the problem.