General information about the Basic firewall product
Basic Firewall is a free stateless firewall (stateless firewall). Analyzes and filters all incoming and outgoing IPv4 traffic according to added filtering rules.
Create a basic firewall can only be used for public dedicated subnet (VLAN) dedicated server и deployed equipment. You can view all created firewalls in the control panels under Servers and hardware → Basic firewall.
The basic firewall does not protect the network from DDoS attacks. For this purpose, Selectel has a default some TCP/UDP ports are blocked and it's also connected Selectel Protection.
If you need a stateful firewall, order a firewall with advanced features.
Principle of operation
The basic firewall is deployed on the access layer router and is not configured by default.
To restrict traffic flow, add rules and activate the list of rules. The rules are executed sequentially, in order in the list. When the first rule is added, the base rule is automatically connected: all traffic that is not allowed is prohibited. The base rule cannot be deleted.
The firewall analyzes incoming and outgoing traffic based on the values of the parameters in the rules:
- protocol — TCP, UDP, ICMP, IPIP, GRE, ESP, NA protocols are supported;
- port or range of ports of the traffic source (source port);
- port or range of destination ports (destination port);
- The IP address or subnet of the traffic source (source address);
- The IP address or subnet of the traffic destination (destination address).
When analyzing traffic, the firewall only checks the header of each individual packet for compliance with the rules. After checking, it decides whether to allow or deny the packets.
Cost
A basic firewall is provided free of charge.
Limitations
Up to 15 rules can be configured per traffic direction.
Up to 30 IP addresses or subnets can be added to each rule for source address and destination address.
Only one firewall can be created per VLAN.