General information about the Basic firewall product
Basic firewall is a free stateless firewall (stateful firewall). Analyzes and filters all incoming and outgoing IPv4 traffic according to added filtering rules.
Create a basic firewall can only be created for public dedicated subnet (VLAN) of dedicated server and hosted equipment. You can view all created firewalls in Control Panel under Servers and Hardware → Basic Firewall.
A basic firewall does not protect the network from DDoS attacks. For this purpose, Selectel has some TCP/UDP ports blocked by default, and Selectel Protection connected.
If you need a stateful firewall, order a firewall with advanced features.
Working principle
The basic firewall is deployed on the access layer router and is not configured by default.
To restrict traffic from passing through, add rules and activate the rule list. The rules are executed sequentially, in order on the list. When you add the first rule, the base rule is automatically connected: all traffic that is not allowed is prohibited. You cannot delete a base rule.
The firewall analyzes incoming and outgoing traffic based on the values of the parameters in the rules:
- protocol — TCP, UDP, ICMP, IPIP, GRE, ESP, NA protocols are supported;
- The port or range of ports of the traffic source (source port);
- port or range of destination ports (destination port);
- The IP address or subnet of the traffic source (source address);
- The IP address or subnet of the traffic destination (destination address).
When analyzing traffic, the firewall only checks the header of each individual packet for compliance with the rules. After inspection, it decides whether to allow or reject these packets.
Cost
A basic firewall is provided free of charge.
Restrictions
Up to 15 rules can be configured per traffic direction. Only one firewall can be created per VLAN.