Manage basic firewall rules

For a basic firewall, you can add new rules, modify existing rules and their order, and delete rules.

Look at examples of how the rules are used.

Add rule⁠

carefully

After adding the first rule for a destination, the base rule is automatically connected: all traffic that is not allowed is prohibited. You cannot delete the base rule.

You can configure up to 15 rules per traffic direction for one basic firewall. You can add up to 30 IP addresses or subnets to each rule for traffic source and traffic destination.

1. In the control panel top menu, click Products and select Dedicated Servers.

2. Go to the Basic Firewall section.

3. Open the firewall page.

4. Open the tab depending on which traffic you want to add a rule for:

   • for incoming traffic — Incoming traffic;
   • for outgoing traffic — Outgoing traffic.

5. If you have already added or edited rules, look at the status of the firewall. Make sure the firewall is in APPLIED status . On the menu of the rule list, click Edit Rule List. Click Add Rule.

6. If you have not added or edited rules, click Add Rule.

7. Check the direction of the traffic.

8. Select an action:

   • accept — accept traffic;
   • deny — deny traffic.

9. Enter Source address — IP addresses from which to accept requests.

10. Enter Destination address — IP addresses to which requests can be accepted.

11. Enter Source port — the source port from which the request is coming. You can enter a port or a range of ports, ports 1 through 65535 are available.

12. Enter Destination port — the port on which the request will be received. You can enter a port or a range of ports, ports 1 through 65535 are available. Traffic to any TCP/UDP port blocked in Servercore by default will be denied, even if you specify this port in the rule.

13. Select the protocol: TCP, UDP, ICMP, IPIP, GRE, ESP, NA.

14. Optional: enter a description of the rule.

15. Click Create Rule.

16. Check the order of the rules, they are executed in order in the list — from top to bottom. If necessary, change the order of the rules — drag and drop the rules.

17. Click Activate List. When the rules are activated, the firewall will go to the APPLIED status . It may take up to 30 seconds to apply the changes. If you do not activate the list, the rules are reset.

Change the rule⁠

1. In the control panel top menu, click Products and select Dedicated Servers.

2. Go to the Basic Firewall section.

3. Open the firewall page.

4. Open the tab depending on which traffic you want to change the rule for:

   • for incoming traffic — Incoming traffic;
   • for outgoing traffic — Outgoing traffic.

5. On the menu of the rule list, click Edit Rule List.

6. On the menu of the rule, click Edit Rule.

7. Change the values of the parameters in the rule.

8. Click Save Changes.

9. Click Activate List. When the rules are activated, the firewall will go to the APPLIED status . It may take up to 30 seconds to apply the changes. If you do not activate the list, the changes are discarded.

Change the order of the rules⁠

1. In the control panel top menu, click Products and select Dedicated Servers.

2. Go to the Basic Firewall section.

3. Open the firewall page.

4. Open the tab depending on which traffic you want to change the order of the rules for:

   • for incoming traffic — Incoming traffic;
   • for outgoing traffic — Outgoing traffic.

5. On the rules menu, click Edit Rule List.

6. Drag and drop rules. You cannot drag and drop a base rule.

7. Click Activate List. When the rules are activated, the firewall will go to the APPLIED status . It may take up to 30 seconds to apply the changes. If you do not activate the list, the changes are discarded.

Delete rule⁠

carefully

The rule will no longer be in effect — traffic that was allowed by this rule will be denied.

1. In the Control Panel top menu, click Products → Dedicated Servers → Basic Firewall section.

2. Go to the Basic Firewall section.

3. Open the firewall page.

4. Open the tab depending on which traffic you want to remove the rule for:

   • for incoming traffic — Incoming traffic;
   • for outgoing traffic — Outgoing traffic.

5. On the menu of the rule list, click Edit Rule List.

6. From the menu of the rule, click Delete Rule.

7. Click Activate List. When the rules are activated, the firewall will go to the APPLIED status . It may take up to 30 seconds to apply the changes. If you do not activate the list, the changes are discarded.

Examples of rule usage⁠

Allow traffic from a specific IP address only⁠

1. In the control panel top menu, click Products and select Dedicated Servers.

2. Go to the Basic Firewall section.

3. Open the firewall page.

4. Allow incoming traffic from a specific IP address:

   4.1.Open the Incoming Traffic tab.

   4.2.If you have already added or edited rules, look at the status of the firewall. Make sure the firewall is in APPLIED status . On the menu of the rule list, click Edit Rule List. Click Add Rule.

   4.3.If you have not added or edited rules, click Add Rule.

   4.4. In the Traffic field, select Incoming.

   4.5.In the Action field, select Accept.

   4.6.In the Source address field, enter the IP addresses from which to accept requests.

   4.7.Click Create Rule.

5. Allow all outgoing traffic:

   5.1.Open the Outgoing Traffic tab.

   5.2.Click Add Rule.

   5.3.In the Traffic field, select Outgoing.

   5.4.In the Action field, select Accept.

   5.5.Click Create Rule.

6. Click Activate List. When the rules are activated, the firewall goes to APPLIED status . If you do not activate the list, the rules are reset.

Allow traffic only from a specific with IP address and ports⁠

1. In the control panel top menu, click Products and select Dedicated Servers.

2. Go to the Basic Firewall section.

3. Open the firewall page.

4. Allow incoming traffic from a specific IP address and ports:

   4.1.Open the Incoming Traffic tab.

   4.2.If you have already added or edited rules, look at the status of the firewall. Make sure the firewall is in APPLIED status . On the menu of the rule list, click Edit Rule List. Click Add Rule.

   4.3.If you have not added or edited rules, click Add Rule.

   4.4. In the Traffic field, select Incoming.

   4.5.In the Action field, select Accept.

   4.6.In the Source address field, enter the IP addresses from which to accept requests.

   4.7.In the Source port field, enter the ports or range of ports from which to accept requests.

   4.8.Click Create Rule.

5. Allow all outgoing traffic:

   5.1.Open the Outgoing Traffic tab.

   5.2.Click Add Rule.

   5.3.In the Traffic field, select Outgoing.

   5.4.In the Action field, select Accept.

   5.5.Click Create Rule.

6. Click Activate List. When the rules are activated, the firewall goes to APPLIED status . If you do not activate the list, the rules are reset.

Deny traffic from a specific IP address⁠

1. In the control panel top menu, click Products and select Dedicated Servers.

2. Go to the Basic Firewall section.

3. Open the firewall page.

4. Deny incoming traffic from a specific IP address:

   4.1.Open the Incoming Traffic tab.

   4.2.If you have already added or edited rules, look at the status of the firewall. Make sure the firewall is in APPLIED status . On the menu of the rule list, click Edit Rule List. Click Add Rule.

   4.3.If you have not added or edited rules, click Add Rule.

   4.4. In the Traffic field, select Incoming.

   4.5.In the Action field, select Deny.

   4.6.In the Source address field, enter the IP addresses from which you do not want to receive requests.

   4.7.Click Create Rule.

5. Allow the rest of the incoming traffic:

   5.1.Open the Incoming Traffic tab.

   5.2.Click Add Rule.

   5.3. In the Traffic field, select Incoming.

   5.4.In the Action field, select Accept.

   5.5.Click Create Rule.

6. Allow all outgoing traffic:

   6.1.Open the Outgoing Traffic tab.

   6.2.Click Add Rule.

   6.3.In the Traffic field, select Outgoing.

   6.4.In the Action field, select Accept.

   6.5.Click Create Rule.

7. Check the order of the incoming traffic rules: in this example, the first rule should be the Deny rule and the second rule should be the Allow rule.

8. Click Activate List. When the rules are activated, the firewall goes to APPLIED status . If you do not activate the list, the rules are reset.

Deny traffic from specific ports⁠

1. In the control panel top menu, click Products and select Dedicated Servers.

2. Go to the Basic Firewall section.

3. Open the firewall page.

4. Deny incoming traffic from specific ports:

   4.1.Open the Incoming Traffic tab.

   4.2.If you have already added or edited rules, look at the status of the firewall. Make sure the firewall is in APPLIED status . On the menu of the rule list, click Edit Rule List. Click Add Rule.

   4.3.If you have not added or edited rules, click Add Rule.

   4.4. In the Traffic field, select Incoming.

   4.5.In the Action field, select Deny.

   4.6.In the Source port field, enter the ports or range of ports from which requests are not allowed to be received.

   4.7.Click Create Rule.

5. Allow the rest of the incoming traffic:

   5.1.Open the Incoming Traffic tab.

   5.2.Click Add Rule.

   5.3. In the Traffic field, select Incoming.

   5.4.In the Action field, select Accept.

   5.5.Click Create Rule.

6. Allow all outgoing traffic:

   6.1.Open the Outgoing Traffic tab.

   6.2.Click Add Rule.

   6.3.In the Traffic field, select Outgoing.

   6.4.In the Action field, select Accept.

   6.5.Click Create Rule.

7. Check the order of the incoming traffic rules: in this example, the first rule should be the Deny rule and the second rule should be the Allow rule.

8. Click Activate List. When the rules are activated, the firewall goes to APPLIED status . If you do not activate the list, the rules are reset.