A firewall is a network security device for protecting the server from network threats. The firewall monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. You can set rules for all connections except port 25 for outbound traffic — it is blocked by default.
For those using a load balancer: if your instance is in a pool configure its firewall — open ports for receiving and transmitting data to the load balancer.
Creating a firewall.
To create a firewall in the Cloud, go to Networking → Firewalls → Create firewall.
You can also configure a firewall in the Instance creation menu in the Firewall Settings section, the option Add a firewall.
In the appearing configuration window, you can configure the firewall rules which are the basis of the firewall. The rules define the specific traffic that can income to the instance and outcome from the Instance. If the rules are not configured, all traffic will be blocked by default.
To create a rule for an incoming or outgoing connection, you need to click on the button New rule and then:
- Select the connection type from existing templates
(All TCP, all UDP, SSH, HTTP, MySQL...etc.), which have pre-installed protocols and ports for typical connections.
- Or to choose theCustom button and set your own protocol and port.
In the rule, you can set a specific address range for each connection type You can specify IP addresses in the field Sources, in the CIDR format
If you want the rule to apply to all addresses, leave the Sources fields blank.
In order to save or delete the created rule, select the appropriate option from the selector, as shown in the screenshot
Apply to Instance
You can also select the Instances to apply the firewall settings while creating a firewall. To use this option we have the Apply to Instance field (if you are configuring the firewall in the Instance creation menu, this field will be omitted, cause the setting will automatically be applied to the server which is being created).
In the drop-down list, you can select the servers to apply the configuration.
After configuring all the parameters, click on the Create firewall button
The default firewall
We have a default firewall with pre-set permission rules for:
- Incoming connections via protocols: SSH (port 22), UDP (port 3389), ICMP (all ports), TCP (port 3389)
- Any outgoing connections.
If you don't specify which firewall to apply to the Instance, the default firewall will be applied to it.
The list of existing firewalls, you can find in the Networking tab → Firewalls
In the firewall section, you can edit rules, edit assigned Instances, and delete existing firewalls.
To choose the necessary option, click on the selector on the right.
This option allows you to edit existing rules and create new ones in the firewall for incoming and outgoing traffic.
The Instances option allows you to manage the list of the servers under the firewall.
You can add new servers to the list, or delete previously configured ones.
This option deletes the firewall with all settings. The deleted firewall disappears for all connected machines.