Skip to main content

Product Description Basic Firewall

The basic firewall is a free stateless firewall. It analyzes and filters all incoming and outgoing IPv4 traffic according to added filter rules.

Create a basic firewall only for a public dedicated subnet (VLAN) of a dedicated server. You can view all created firewalls in the Control panel: in the top menu, click ProductsDedicated servers → the Basic firewall section.

Basic firewall does not protect the network from DDoS attacks. For this purpose, Servercore has some TCP/UDP ports blocked by default, and Servercore Protection is enabled.

How it works

A basic firewall is deployed on the access layer router and is not configured by default.

To restrict traffic, add rules and activate the rule list. Rules are executed sequentially, in the order they appear in the list. When the first rule is added, a basic rule is automatically applied: all traffic not permitted by the rules is denied. You cannot delete the basic rule.

The firewall analyzes incoming and outgoing traffic based on the parameter values in the rules:

  • protocol — supported protocols are TCP, UDP, ICMP, IPIP, GRE, ESP, AH;
  • the port or range of ports of the traffic source (source port);
  • the port or range of ports of the traffic destination (destination port);
  • IP address or subnet of the traffic source (source address);
  • IP address or subnet of the traffic destination (destination address).

The basic firewall processes each packet in isolation—it does not remember established connections or track the state of TCP sessions. When analyzing traffic, the firewall only checks the header of each packet for compliance with the rules:

  • outgoing packets are checked only against outgoing rules;
  • incoming packets are checked only against incoming rules, even if an incoming packet is a response to an allowed outgoing request.

For example, if you add a rule to the basic firewall that allows incoming SSH connections on port 22, you also need to add a rule for outgoing traffic to allow the server to send responses to SSH requests—either allow all outgoing traffic or allow outgoing packets from port 22 only. Read more about basic firewall rule settings in the Basic firewall rule usage examples section of the Managing basic firewall rules article.

Cost

A basic firewall is provided free of charge.

Limitations

You can set up to 15 rules for each traffic direction.

For each rule, you can add up to 30 IP addresses or subnets for the traffic source (source address) and traffic destination (destination address).

You can create only one firewall for a single VLAN.