Manage basic firewall rules
For a basic firewall, you can add new rules, edit existing rules and their order, and delete rules.
See examples of basic firewall rule settings.
Add rule
After adding the first rule for a direction, a base rule is automatically connected: all traffic that is not allowed is prohibited. The base rule cannot be deleted.
You can configure up to 15 rules for each traffic direction for a single basic firewall. You can add up to 30 IP addresses or subnets for the traffic source and traffic destination to each rule.
-
In the Control panel, on the top menu, click Products and select Dedicated Servers.
-
Go to the Basic firewall section.
-
Open the firewall page.
-
Open the tab depending on which traffic you want to add a rule for:
- for incoming traffic — Incoming traffic;
- for outgoing traffic — Outgoing traffic.
-
If you have already added or edited rules, check the firewall status. Make sure the firewall has the APPLIED status. On the menu of the rule list, click Modify rule list. Click Add rule.
-
If you have not added or edited rules, click Add rule.
-
Check the traffic direction.
-
Select an action:
- accept — accept traffic;
- deny — deny traffic.
-
Enter Source address — IP addresses from which you can accept requests.
-
Enter Destination address — IP addresses to which you can accept requests.
-
Enter Source port — the source port from which the request originates. You can enter a port or a range of ports; ports 1 to 65535 are available.
-
Enter Destination port — the port on which the request will be accepted. You can enter a port or a range of ports; ports 1 to 65535 are available. Traffic to any TCP/UDP port blocked by default in Selectel will be prohibited, even if you specify this port in the rule.
-
Select the protocol: TCP, UDP, ICMP, IPIP, GRE, ESP, AH.
-
Optional: enter a rule description.
-
Click Create rule.
-
Check the order of the rules; they are executed in the order they appear in the list — top to bottom. If necessary, change the rule order — drag and drop the rules.
-
Click Activate list. When the rules are activated, the firewall will switch to the APPLIED status. Applying changes may take up to 30 seconds. If you do not activate the list, the rules will be reset.
Edit rule
-
In the Control panel, on the top menu, click Products and select Dedicated Servers.
-
Go to the Basic firewall section.
-
Open the firewall page.
-
Open the tab depending on which traffic you want to edit the rule for:
- for incoming traffic — Incoming traffic;
- for outgoing traffic — Outgoing traffic.
-
On the menu of the rule list, click Modify rule list.
-
On the menu of the rule, click Edit rule.
-
Change the parameter values in the rule.
-
Click Save changes.
-
Click Activate list. When the rules are activated, the firewall will switch to the APPLIED status. Applying changes may take up to 30 seconds. If you do not activate the list, the changes will be reset.
Change rule order
-
In the Control panel, on the top menu, click Products and select Dedicated Servers.
-
Go to the Basic firewall section.
-
Open the firewall page.
-
Open the tab depending on which traffic you want to change the order of rules for:
- for incoming traffic — Incoming traffic;
- for outgoing traffic — Outgoing traffic.
-
On the menu of the rule, click Modify rule list.
-
Drag and drop the rules. You cannot drag and drop the base rule.
-
Click Activate list. When the rules are activated, the firewall will switch to the APPLIED status. Applying changes may take up to 30 seconds. If you do not activate the list, the changes will be reset.
Delete rule
The rule will stop working — traffic that was allowed by this rule will be prohibited.
-
In the Control panel, on the top menu, click Products and select Dedicated Servers.
-
Go to the Basic firewall section.
-
Open the firewall page.
-
Open the tab depending on which traffic you want to delete the rule for:
- for incoming traffic — Incoming traffic;
- for outgoing traffic — Outgoing traffic.
-
On the menu of the rule list, click Modify rule list.
-
On the menu of the rule, click Delete rule.
-
Click Activate list. When the rules are activated, the firewall will switch to the APPLIED status. Applying changes may take up to 30 seconds. If you do not activate the list, the changes will be reset.
Examples of basic firewall rule settings
Rules are executed sequentially, in the order they appear in the list. When adding the first rule, a base rule is automatically included: all traffic that is not allowed by the rules is prohibited. The base rule cannot be deleted. Learn more in the Principle of operation subsection of the General information about the basic firewall guide.
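The evaluation order described above can be modelled in a few lines. This is an added example, not Selectel code: the `Rule` class and the function names are hypothetical, the addresses are constructed, and it assumes that the first matching rule decides the outcome. It also checks a rule list against the limits given on this page and reports rules that can never match because a catch-all rule sits above them.

```python
import ipaddress
from dataclasses import dataclass

MAX_RULES, MAX_ADDRESSES = 15, 30   # per-direction and per-rule limits from this page

@dataclass
class Rule:                 # hypothetical model, not a Selectel data structure
    action: str             # "accept" or "deny"
    sources: tuple = ()     # IPs or subnets; empty = any source address
    src_ports: tuple = ()   # (low, high); empty = any source port

def validate(rules):
    """Return the ways a rule list breaks the limits stated on this page."""
    problems = []
    if len(rules) > MAX_RULES:
        problems.append(f"{len(rules)} rules, limit is {MAX_RULES}")
    for n, r in enumerate(rules, 1):
        if len(r.sources) > MAX_ADDRESSES:
            problems.append(f"rule {n}: over {MAX_ADDRESSES} source addresses")
        if r.src_ports and not 1 <= r.src_ports[0] <= r.src_ports[1] <= 65535:
            problems.append(f"rule {n}: port range outside 1-65535")
    return problems

def decide(rules, src_ip, src_port):
    """Walk a non-empty list top to bottom; the first match decides (assumed)."""
    ip = ipaddress.ip_address(src_ip)
    for r in rules:
        if r.sources and not any(ip in ipaddress.ip_network(s) for s in r.sources):
            continue
        if r.src_ports and not r.src_ports[0] <= src_port <= r.src_ports[1]:
            continue
        return r.action
    return "deny"   # base rule: traffic that no rule allows is prohibited

def unreachable(rules):
    """1-based positions of rules placed below a rule that matches everything."""
    for n, r in enumerate(rules, 1):
        if not r.sources and not r.src_ports:
            return list(range(n + 1, len(rules) + 1))
    return []

# Constructed sample lists (documentation addresses from RFC 5737).
BLOCKED = "203.0.113.7"
deny_first = [Rule("deny", sources=(BLOCKED,)), Rule("accept")]
accept_first = [Rule("accept"), Rule("deny", sources=(BLOCKED,))]
allow_only = [Rule("accept", sources=("198.51.100.0/24",))]

if __name__ == "__main__":
    for name, rules in [("deny_first", deny_first), ("accept_first", accept_first)]:
        print(name, decide(rules, BLOCKED, 40000), unreachable(rules), validate(rules))
```

With the accept-all rule on top, the deny rule in second position is reported as unreachable and the blocked address is accepted, which is why the deny examples place the deny rule first.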
Allow traffic only from a specific IP address
-
In the Control panel, on the top menu, click Products and select Dedicated Servers.
-
Go to the Basic firewall section.
-
Open the firewall page.
-
Allow incoming traffic from a specific IP address:
4.1. Open the Incoming traffic tab.
4.2. If you have already added rules, check the firewall status. Make sure the firewall is in the APPLIED status.
4.3. On the menu of the rule list, select Modify rule list.
4.4. Click Add rule.
4.5. In the Traffic field, select Incoming.
4.6. In the Action field, select Accept.
4.7. In the Source address field, enter the IP addresses to accept requests from.
4.8. Click Create rule.
-
Allow all outgoing traffic:
5.1. Open the Outgoing traffic tab.
5.2. Click Add rule.
5.3. In the Traffic field, select Outgoing.
5.4. In the Action field, select Accept.
5.5. Click Create rule.
-
Click Activate list. When the rules are activated, the firewall will switch to the APPLIED status. If you do not activate the list, the rules will be reset.
Allow traffic only from a specific IP address and ports
-
In the Control panel, on the top menu, click Products and select Dedicated Servers.
-
Go to the Basic firewall section.
-
Open the firewall page.
-
Allow incoming traffic from a specific IP address and ports:
4.1. Open the Incoming traffic tab.
4.2. If you have already added rules, check the firewall status. Make sure the firewall is in the APPLIED status.
4.3. On the menu of the rule list, select Modify rule list.
4.4. Click Add rule.
4.5. In the Traffic field, select Incoming.
4.6. In the Action field, select Accept.
4.7. In the Source address field, enter the IP addresses to accept requests from.
4.8. In the Source port field, enter the ports or range of ports to accept requests from.
4.9. Click Create rule.
-
Allow all outgoing traffic:
5.1. Open the Outgoing traffic tab.
5.2. Click Add rule.
5.3. In the Traffic field, select Outgoing.
5.4. In the Action field, select Accept.
5.5. Click Create rule.
-
Click Activate list. When the rules are activated, the firewall will switch to the APPLIED status. If you do not activate the list, the rules will be reset.
Deny traffic from a specific IP address
-
In the Control panel, on the top menu, click Products and select Dedicated Servers.
-
Go to the Basic firewall section.
-
Open the firewall page.
-
Deny incoming traffic from a specific IP address:
4.1. Open the Incoming traffic tab.
4.2. If you have already added rules, check the firewall status. Make sure the firewall is in the APPLIED status.
4.3. On the menu of the rule list, select Modify rule list.
4.4. Click Add rule.
4.5. In the Traffic field, select Incoming.
4.6. In the Action field, select Deny.
4.7. In the Source address field, enter the IP addresses from which requests are denied.
4.8. Click Create rule.
-
Allow remaining incoming traffic:
5.1. Open the Incoming traffic tab.
5.2. Click Add rule.
5.3. In the Traffic field, select Incoming.
5.4. In the Action field, select Accept.
5.5. Click Create rule.
-
Allow all outgoing traffic:
6.1. Open the Outgoing traffic tab.
6.2. Click Add rule.
6.3. In the Traffic field, select Outgoing.
6.4. In the Action field, select Accept.
6.5. Click Create rule.
-
Check the incoming traffic rule order: in this example, the deny rule should be first, and the allow rule should be second.
-
Click Activate list. When the rules are activated, the firewall will switch to the APPLIED status. If you do not activate the list, the rules will be reset.
Deny traffic from specific ports
-
In the Control panel, on the top menu, click Products and select Dedicated Servers.
-
Go to the Basic firewall section.
-
Open the firewall page.
-
Deny incoming traffic from specific ports:
4.1. Open the Incoming traffic tab.
4.2. If you have already added rules, check the firewall status. Make sure the firewall is in the APPLIED status.
4.3. On the menu of the rule list, select Modify rule list.
4.4. Click Add rule.
4.5. In the Traffic field, select Incoming.
4.6. In the Action field, select Deny.
4.7. In the Source port field, enter the ports or range of ports from which requests are denied.
4.8. Click Create rule.
-
Allow remaining incoming traffic:
5.1. Open the Incoming traffic tab.
5.2. Click Add rule.
5.3. In the Traffic field, select Incoming.
5.4. In the Action field, select Accept.
5.5. Click Create rule.
-
Allow all outgoing traffic:
6.1. Open the Outgoing traffic tab.
6.2. Click Add rule.
6.3. In the Traffic field, select Outgoing.
6.4. In the Action field, select Accept.
6.5. Click Create rule.
-
Check the incoming traffic rule order: in this example, the deny rule should be first, and the allow rule should be second.
-
Click Activate list. When the rules are activated, the firewall will switch to the APPLIED status. If you do not activate the list, the rules will be reset.