Product Description Basic Firewall
Basic Firewall is a free stateless firewall. It analyzes and filters all incoming and outgoing IPv4 traffic according to the filtering rules you add.
You can create a basic firewall only for the public dedicated subnet (VLAN) of a dedicated server. You can view all created firewalls in the control panel: from the top menu, click Products → Dedicated Servers → Basic Firewall section.
The basic firewall does not protect the network from DDoS attacks. For this purpose, Servercore has some TCP/UDP ports blocked by default and Servercore Protection is enabled.
Principle of operation
The basic firewall is deployed on the access layer router and is not configured by default.
To restrict traffic, add rules and activate the list of rules. The rules are executed sequentially, in the order in which they appear in the list. When the first rule is added, the base rule is automatically activated: all traffic that is not allowed by the rules is forbidden. You cannot delete the base rule.
The firewall analyzes incoming and outgoing traffic based on the values of the parameters in the rules:
- protocol (TCP, UDP, ICMP, IPIP, GRE, ESP, NA are supported);
- port or range of ports of the traffic source (source port);
- port or range of destination ports (destination port);
- IP address or subnet of the traffic source (source address);
- IP address or subnet of the traffic destination (destination address).
The basic firewall processes each packet in isolation - it does not remember established connections and does not track the state of TCP sessions. When analyzing traffic, the firewall checks only the header of each packet for compliance with the rules:
- outgoing packets are inspected by outgoing rules only;
- incoming packets are checked only against incoming rules, even if the incoming packet is a response to an authorized outgoing request.
For example, a rule that allows incoming SSH connections on port 22 has been added to the basic firewall. To allow the server to send responses to SSH requests, you must add a rule for outgoing traffic - either allow all outgoing traffic or allow outgoing packets only from port 22. For more information about configuring basic firewall rules, see the Examples of Base Firewall Rule Settings subsection of the Manage Base Firewall Rules tutorial.
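The SSH case above as a small simulation. This is an added example, not Servercore code: the Rule and Packet classes, the addresses and the client port are constructed for illustration, and every rule is assumed to be an allow rule.

```python
# Simplified model of a stateless, per-direction rule list (illustrative only).
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY_PORTS = (0, 65535)

@dataclass(frozen=True)
class Rule:                       # hypothetical shape; assumed to be an "allow" rule
    protocol: str
    src_net: str = "0.0.0.0/0"
    dst_net: str = "0.0.0.0/0"
    src_ports: tuple = ANY_PORTS
    dst_ports: tuple = ANY_PORTS

@dataclass(frozen=True)
class Packet:
    direction: str                # "in" or "out", relative to the server
    protocol: str
    src: str
    sport: int
    dst: str
    dport: int

def matches(rule, pkt):
    """Compare header fields only; nothing about earlier packets is known."""
    return (rule.protocol == pkt.protocol
            and ip_address(pkt.src) in ip_network(rule.src_net)
            and ip_address(pkt.dst) in ip_network(rule.dst_net)
            and rule.src_ports[0] <= pkt.sport <= rule.src_ports[1]
            and rule.dst_ports[0] <= pkt.dport <= rule.dst_ports[1])

def allowed(rules, pkt):
    """Check the packet against the list for its own direction, in list order.
    If no rule allows it, the base rule forbids it."""
    return any(matches(r, pkt) for r in rules[pkt.direction])

SERVER, CLIENT = "203.0.113.10", "198.51.100.7"     # constructed addresses
SYN = Packet("in", "TCP", CLIENT, 50000, SERVER, 22)     # client -> server:22
REPLY = Packet("out", "TCP", SERVER, 22, CLIENT, 50000)  # server:22 -> client

inbound_only = {"in": [Rule("TCP", dst_ports=(22, 22))], "out": []}
with_reply_rule = {"in": inbound_only["in"],
                   "out": [Rule("TCP", src_ports=(22, 22))]}

def ssh_session_works(rules):
    # Both halves of the exchange must pass their own direction's rules.
    return allowed(rules, SYN) and allowed(rules, REPLY)
```

With only the incoming rule, the client's packet reaches the server but the reply is dropped; adding the outgoing rule for source port 22 completes the exchange while still blocking connections the server itself initiates from other ports.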
Cost
A basic firewall is provided free of charge.
Limitations
Up to 15 rules can be configured per traffic direction.
Up to 30 IP addresses or subnets can be added to each rule for source address and destination address.
Only one firewall can be created per VLAN.