Skip to main content
Manage cloud firewall rules
Last update:

Manage cloud firewall rules

For a cloud firewall, you can add new rules, change the existing rules, reorder as well as include, shut down and deregulate.

Add rule

carefully

After adding a deny rule on the cloud router, active sessions that match the rule will be terminated.

You can add up to 100 rules per traffic direction (policy) for a single cloud firewall.

  1. In control panel go to Cloud platformFirewalls.
  2. Open the firewall page.
  3. Select the direction of traffic:
  1. Open the tab Incoming traffic.

  2. Click Create a rule.

  3. Select an action:

    • Allow — Allow traffic;
    • Deny — Deny traffic.
  4. If templates with rules for incoming traffic, select the rule. The Protocol, Source, Source Port, Traffic Destination, and Destination Port fields will be filled in automatically. Proceed to step 14.

  5. If there is no suitable template, add your own rule for incoming traffic.

  6. Select a protocol: ICMP, TCP, UDP or All (Any).

  7. Enter the traffic source (Source) — IP address, subnet, or all addresses (Any).

  8. Enter the source port (Src. port) — a single port, a range of ports, or all ports (Any).

  9. Enter the Destination — IP address, subnet, or Any. If you specify a subnet, the rule applies to all devices on the subnet.

  10. Enter the destination port (Dst. port) — a single port, a range of ports, or all ports (Any).

    Traffic to any TCP/UDP port blocked in Selectel by default, will be denied even if you specify that port in the rule.

  11. Enter a name for the rule or leave the name created automatically.

  12. Optional: enter a comment for the rule.

  13. Click Add.

  1. Check the order of the rules, they are executed in order in the list — from top to bottom. If necessary, change the order by dragging and dropping the rules. After creating the firewall, you can reorder.

Change the rule

carefully

After changing a rule on the cloud router, active sessions that match the changed rule will be terminated.

  1. In control panel go to Cloud platformFirewalls.

  2. Open the firewall page.

  3. Open the tab depending on which traffic you want to change the rule for:

    • for incoming traffic — Incoming traffic;
    • for outbound traffic — Outgoing traffic.
  4. On the menu. select the rules Change the rule.

  1. Select an action:

    • Allow — Allow traffic;
    • Deny — deny traffic.
  2. If templates with rules for incoming traffic, select the rule. The Protocol, Source, Source Port, Traffic Destination, and Destination Port fields will be filled in automatically. Proceed to step 13.

  3. If there is no suitable template, add your own rule for incoming traffic.

  4. Select a protocol: ICMP, TCP, UDP or All (Any).

  5. Enter the traffic source (Source) — IP address, subnet, or all addresses (Any).

  6. Enter the source port (Src. port) — a single port, a range of ports, or all ports (Any).

  7. Enter the Destination — IP address, subnet, or Any. If you specify a subnet, the rule applies to all devices on the subnet.

  8. Enter the destination port (Dst. port) — a single port, a range of ports, or all ports (Any).

    Traffic to any TCP/UDP port blocked in Selectel by default, will be denied even if you specify that port in the rule.

  1. Enter a name for the rule or leave the name created automatically.
  2. Optional: enter a comment for the rule.
  3. Click Save.

Change the order of the rules

carefully

After the rule order change, active sessions on the cloud router that match the new rule order will be terminated.

  1. In control panel go to Cloud platformFirewalls.

  2. Open the firewall page.

  3. Open the tab depending on which traffic you want to change the order of the rules for:

    • for incoming traffic — Incoming traffic;
    • for outbound traffic — Outgoing traffic.
  4. Click Change the order of the rules.

  5. Drag and drop the rules. The rules are executed in order in the list — from top to bottom.

  6. Click Preserve the order of the rules.

Enable rule

  1. In control panel go to Cloud platformFirewalls.

  2. Open the firewall page.

  3. Open the tab depending on which traffic you want to enable the rule for:

    • for incoming traffic — Incoming traffic;
    • for outbound traffic — Outgoing traffic.
  4. On the line with the rule, include the rule.

Disable rule

carefully

The rule will no longer be in effect — traffic that was allowed by this rule will be denied. Active sessions that were set by this rule will be terminated on the cloud router.

  1. In control panel go to Cloud platformFirewalls.

  2. Open the firewall page.

  3. Open the tab depending on which traffic you want to disable the rule for:

    • for incoming traffic — Incoming traffic;
    • for outbound traffic — Outgoing traffic.
  4. In the line with the rule, disable the rule.

Delete rule

carefully

The rule will no longer be in effect — traffic that was allowed by this rule will be denied. Active sessions that were set by this rule will be terminated on the cloud router.

  1. In control panel go to Cloud platformFirewalls.

  2. Open the firewall page.

  3. Open the tab depending on which traffic you want to remove the rule for:

    • for incoming traffic — Incoming traffic;
    • for outbound traffic — Outgoing traffic.
  4. On the menu. select the rules Delete rule.

  5. Click Delete.