Skip to main content
Create a cloud firewall
Last update:

Create a cloud firewall

carefully

A cloud firewall has a basic property: all inbound and outbound traffic that is not allowed is denied. If you create a firewall without rules and assign it to a cloud router port, all traffic on the router's subnet will be denied. After creating a firewall on the router, all active sessions will be terminated.

  1. In control panel go to Cloud platformFirewalls.

  2. Click Create a firewall.

  3. Select pool This is where the firewall will be created.

  4. Optional: Select a private subnet with the cloud router for which you want to configure traffic filtering. The firewall is assigned to the cloud router port on this private subnet.

    Assign a firewall to a router port you can after you create a firewall.

  5. Select the direction of traffic:

  1. If templates with rules for incoming traffic Click on the rule. The Protocol, Source, Source Port, Traffic Destination, and Destination Port fields will be filled in automatically. Proceed to step 14.

  2. If there is no suitable template, add your own rule for incoming traffic. Click Add an incoming traffic rule.

  3. Select an action:

    • Allow — Allow traffic;
    • Deny — Deny traffic.
  4. Select a protocol: ICMP, TCP, UDP or All (Any).

  5. Enter the traffic source (Source) — IP address, subnet, or all addresses (Any).

  6. Enter the source port (Src. port) — a single port, a range of ports, or all ports (Any).

  7. Enter the Destination — IP address, subnet, or Any. If you specify a subnet, the rule applies to all devices on the subnet.

  8. Enter the destination port (Dst. port) — a single port, a range of ports, or all ports (Any).

    Traffic to any TCP/UDP port blocked in Selectel by default, will be denied even if you specify that port in the rule.

  9. Enter a name for the rule or leave the name created automatically.

  10. Optional: enter a comment for the rule.

  11. Click Add. After creating a firewall, you can change the rule.

  1. Check the order of the rules, they are executed in order in the list — from top to bottom. If necessary, change the order by dragging and dropping the rules. After creating the firewall, you can reorder.
  2. Optional: To add another rule to the firewall, go to step 5. you can add up to 100 rules per traffic direction.
  3. Enter the name of the firewall or leave the name created automatically.
  4. Optional: enter a comment for the firewall.
  5. Click Create a firewall.