Manage basic firewall rules
For a basic firewall, you can add new rules, modify existing rules and their order, delete rules.
Add rule
After adding the first rule for a direction, the base rule is automatically connected: all traffic that is not allowed is prohibited. You cannot delete a base rule.
-
In Control Panel, go to Servers and colocation → Basic Firewall.
-
Open the firewall page.
-
Open the tab depending on which traffic you want to add a rule for:
- for incoming traffic — Incoming traffic;
- for outgoing traffic — outgoing traffic.
-
If you have already added or edited rules, view firewall status. Verify that the firewall is displaying
APPLIEDstatus. From the firewall menu, click Change Rule List. Click Add Rule. -
If you have not added or edited rules, click Add Rule.
-
Check the direction of the traffic.
-
Select an action:
- accept — accept traffic;
- deny — deny traffic.
-
Enter Source address — IP addresses from which to accept requests. You can enter an IP address or subnet.
-
Enter Destination address — IP addresses to which requests can be accepted. You can enter an IP address or subnet.
-
Enter Source port — the source port from which the request is coming. You can enter a port or a range of ports.
-
Enter Destination port — the port on which the request will be received. You can enter a port or a range of ports. Traffic to any TCP/UDP port blocked in Selectel by default will be denied even if you specify that port in the rule.
-
Select the protocol: TCP, UDP, ICMP, IPIP, GRE, ESP, NA.
-
Optional: enter a description of the rule.
-
Click Create Rule.
-
Check the order of the rules, they are executed in order in the list — top to bottom. If necessary change rule order — drag and drop rules.
-
Press Activate List. When the rules are activated, the firewall will display the
APPLIEDstatus. It may take up to 30 seconds to apply the changes. If you don't activate the list, the rules will reset.
Modify rule
-
In Control Panel, go to Servers and colocation → Basic Firewall.
-
Open the firewall page.
-
Open the tab depending on which traffic you want to change the rule for:
- for incoming traffic — Incoming traffic;
- for outgoing traffic — outgoing traffic.
-
From the menu of the rule list, click Modify Rule List.
-
From the rule menu, click Edit Rule.
-
Change the values of the parameters in the rule.
-
Click Save Changes.
-
Press Activate List. When the rules are activated, the firewall will display the
APPLIEDstatus. It may take up to 30 seconds to apply the changes. If you do not activate the list, the changes will be reset.
Change the order of the rules
-
In Control Panel, go to Servers and colocation → Basic Firewall.
-
Open the firewall page.
-
Open the tab depending on which traffic you want to change the order of the rules for:
- for incoming traffic — Incoming traffic;
- for outgoing traffic — outgoing traffic.
-
From the rules menu, click Modify Rules List.
-
Drag and drop rules. You can't drag and drop a base rule.
-
Press Activate List. When the rules are activated, the firewall will display an
APPLIEDstatus. It may take up to 30 seconds to apply the changes. If you do not activate the list, the changes will be reset.
Delete rule
The rule will no longer be in effect — traffic that was allowed by this rule will be denied.
-
In Control Panel, go to Servers and colocation → Basic Firewall.
-
Open the firewall page.
-
Open the tab depending on which traffic you want to remove the rule for:
- for incoming traffic — Incoming traffic;
- for outgoing traffic — outgoing traffic.
-
From the menu of the rule list, click Modify Rule List.
-
From the rule menu, click Delete Rule.
-
Press Activate List. When the rules are activated, the firewall will display an
APPLIEDstatus. It may take up to 30 seconds to apply the changes. If you do not activate the list, the changes will be reset.