Manage basic firewall rules
For a basic firewall, you can add new rules, change the existing rules and their order, and remove rules.
Add rule
After adding the first rule for a destination, the base rule is automatically connected: all traffic that is not allowed is prohibited. You cannot delete the base rule.
You can configure up to 15 rules per traffic direction for one basic firewall. You can add up to 30 IP addresses or subnets to each rule for traffic source and traffic destination.
- In the control panel, go to Servers and hardware → Basic firewall.
- Open the firewall page.
- Open the tab depending on which traffic you want to add a rule for:
  - for incoming traffic — Incoming traffic;
  - for outbound traffic — Outgoing traffic.
- If you have already added or edited rules, check the status of the firewall. Verify that the firewall displays a status of APPLIED. In the menu of the firewall, click Change the list of rules. Click Add rule.
- If you have not added or edited rules, click Add rule.
- Check the direction of the traffic.
- Select an action:
  - accept — accept traffic;
  - deny — deny traffic.
- Enter Source address — IP addresses from which to accept requests.
- Enter Destination address — IP addresses to which requests can be accepted.
- Enter Source port — the source port from which the request is coming. You can enter a port or a range of ports.
- Enter Destination port — the port on which the request will be received. You can enter a port or a range of ports. Traffic to any TCP/UDP port that is blocked in Selectel by default will be denied even if you specify that port in the rule.
- Select the protocol: TCP, UDP, ICMP, IPIP, GRE, ESP, NA.
- Optional: enter a description of the rule.
- Click Create a rule.
- Check the order of the rules: they are executed in list order, top to bottom. If necessary, reorder the rules by dragging and dropping them.
- Click Activate list. When the rules are activated, the firewall will show a status of APPLIED. It may take up to 30 seconds to apply the changes. If you do not activate the list, the rules are reset.
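How list order and the base rule interact, as an added example (not Selectel's code): a small Python model that assumes the first matching rule decides, leaves out source ports, and uses constructed documentation-range addresses. The `Rule` class and the function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

MAX_RULES, MAX_ADDRS = 15, 30   # per-direction and per-rule limits from this page
PROTOCOLS = {"TCP", "UDP", "ICMP", "IPIP", "GRE", "ESP", "NA"}  # as listed on the page

@dataclass
class Rule:                     # hypothetical model of one panel rule
    action: str                 # "accept" or "deny"
    src: list                   # source IP addresses or subnets
    dst: list                   # destination IP addresses or subnets
    dport: tuple                # (low, high) destination port range
    proto: str

def validate(rules):
    """Return the problems that would break the limits stated on the page."""
    problems = []
    if len(rules) > MAX_RULES:
        problems.append(f"more than {MAX_RULES} rules for one direction")
    for i, r in enumerate(rules, 1):
        if r.action not in ("accept", "deny") or r.proto not in PROTOCOLS:
            problems.append(f"rule {i}: unknown action or protocol")
        if len(r.src) > MAX_ADDRS or len(r.dst) > MAX_ADDRS:
            problems.append(f"rule {i}: more than {MAX_ADDRS} addresses")
    return problems

def in_any(addr, nets):
    """True if addr falls inside any address or subnet in nets."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n, strict=False) for n in nets)

def decide(rules, src, dst, dport, proto):
    """Walk the list top to bottom; the first match decides (assumption)."""
    for i, r in enumerate(rules, 1):
        if (r.proto == proto and r.dport[0] <= dport <= r.dport[1]
                and in_any(src, r.src) and in_any(dst, r.dst)):
            return r.action, i
    return "deny", None         # base rule: traffic not allowed above is denied

# Constructed sample list for incoming traffic (documentation address ranges).
SERVER = ["203.0.113.10"]
ssh_admin = Rule("accept", ["198.51.100.0/24"], SERVER, (22, 22), "TCP")
ssh_block = Rule("deny", ["0.0.0.0/0"], SERVER, (22, 22), "TCP")
web = Rule("accept", ["0.0.0.0/0"], SERVER, (80, 443), "TCP")
GOOD = [ssh_admin, ssh_block, web]
BAD = [ssh_block, ssh_admin, web]   # deny dragged above the admin accept

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, validate(rules), decide(rules, "198.51.100.7", SERVER[0], 22, "TCP"))
```

With the same three rules, the admin subnet reaches port 22 in `GOOD` but is cut off in `BAD`, which is the check to make before clicking Activate list.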
Change the rule
- In the control panel, go to Servers and hardware → Basic firewall.
- Open the firewall page.
- Open the tab depending on which traffic you want to change the rule for:
  - for incoming traffic — Incoming traffic;
  - for outbound traffic — Outgoing traffic.
- In the menu of the rule list, click Change the list of rules.
- In the rules menu, click Edit rule.
- Change the values of the parameters in the rule.
- Click Save changes.
- Click Activate list. When the rules are activated, the firewall will have a status of APPLIED. It may take up to 30 seconds to apply the changes. If you do not activate the list, the changes will be discarded.
Change the order of the rules
- In the control panel, go to Servers and hardware → Basic firewall.
- Open the firewall page.
- Open the tab depending on which traffic you want to change the order of the rules for:
  - for incoming traffic — Incoming traffic;
  - for outbound traffic — Outgoing traffic.
- In the rules menu, click Change the list of rules.
- Drag and drop rules. You cannot drag and drop a base rule.
- Click Activate list. When the rules are activated, the firewall will have a status of APPLIED. It may take up to 30 seconds to apply the changes. If you do not activate the list, the changes will be discarded.
Delete rule
The rule will no longer be in effect — traffic that was allowed by this rule will be denied.
- In the control panel, go to Servers and hardware → Basic firewall.
- Open the firewall page.
- Open the tab depending on which traffic you want to remove the rule for:
  - for incoming traffic — Incoming traffic;
  - for outbound traffic — Outgoing traffic.
- In the menu of the rule list, click Change the list of rules.
- In the rules menu, click Delete rule.
- Click Activate list. When the rules are activated, the firewall will have a status of APPLIED. It may take up to 30 seconds to apply the changes. If you do not activate the list, the changes will be discarded.