With CloudFlow and CloudONE you can set firewall rules for the network interfaces of virtual servers. There are two types of firewall rule:
- ACCEPT – defines the packets that will be accepted by the firewall
- DROP – define the packets that will be rejected by the firewall
To configure a firewall rule:
- Go to your Control Panel's Virtual Servers menu.
- Click the label of the VS for which you want to configure a firewall rule.
- Click the Networking tab, then click Firewall.
- On the page that appears, set the following:
- Choose the network interface.
- Specify if the rule defines requests that should be accepted or dropped.
- Set the IP address for which this rule is active.
- Leave the empty field to apply this rule to all IPs
- Enter hyphen-separated IPs to apply the rule to an IP range (e.g. 192.168.1.1-192.168.1.10)
- Enter the IPs with slash to apply the rule to CIDR (e.g. 192.168.1.1/24)
- Set the port for which this rule will is effective.
- Leave the empty field to apply the rule to all ports
- Enter colon-separated ports to apply the rule to a port range (e.g. 1024:1028)
- Enter comma-separated ports to apply the rule to the list of ports (e.g. 80,443,21)
- Choose the protocol (TCP, UDP or ICMP).
- Save the rule. The rule will be saved in the UI, but the transaction won't be started until you click the Apply Firewall Rules button.
- To start the transaction which runs firewall rules for a VS, click Apply firewall rules button.
- Use Up and Down arrow buttons in the left column to change firewall rule position.
Example: the Int1 ACCEPT 220.127.116.11 22 TCP firewall rule means that the Int1 network interface will accept all requests and packets addressed from 18.104.22.168 using the TCP protocol on port 22.
The Int2 DROP 22.214.171.124 22 UDP firewall rule means that the Int2 network interface will reject all requests and packets from 126.96.36.199 using the UDP protocol on port 22.
PLEASE NOTE: if you reboot a Xen-based VS from the console, the firewall rules for this VS will be lost, and you will need to update the firewall rules again.