Firewall Control Panel
The customer firewall is run at the border of the WMS network and operates independently from your server, providing a safe and convenient way to protect your server or virtual network.
1. Add Rule button
Opens the Add Firewall Rule dialog:
Firewall rules are applied on a per-interface basis, so the firewall is already configured with your local IP (the address on the VM's NIC). When adding a new rule, you only need to specify the remote IP, direction, service and action.
The Remote IP, Service and Comments fields are multi-line and can accept multiple arguments on new lines, or as comma-separated lists.
The Remote IP field accepts the following input:
|IPs in CIDR notation||184.108.40.206/32|
|Comma-separated lists||220.127.116.11, 18.104.22.168/32|
|All IP addresses||any|
Any lines starting with the # symbol will be ignored by the firewall and can be used to temporarily disable an IP address without having to delete it from the rule base.
The Direction field is relative to your VM. Valid values are in or out.
The Service field will accept the following input:
|Single TCP port numbers||25|
|TCP port ranges||25-30|
|Comma-separated lists||25,26,27|
|Specific protocols||tcp:53, udp:53, icmp:8|
|Service names||ping, http, domain (see Table 3 below)|
|Any combination of the above||25, 26-28, tcp:53, udp:53|
Any lines starting with the # symbol will be ignored by the firewall and can be used to temporarily disable a service without having to delete it from the rule base.
|udp:137, udp:138, tcp:139||netbios|
The Action field specifies the action taken when the rule is matched. Valid values are allow or drop.
The Comments field accepts any text as a rule description; filling it out is optional.
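The Remote IP and Service syntax described above can be checked before a rule is pasted into the dialog. The following is an added example, not the control panel's own parser: the function names are hypothetical, the service names are limited to the four mentioned on this page, and accepting a range after a protocol prefix and the numeric bounds are assumptions.

```python
import ipaddress
import re

# Service names mentioned on this page (assumption: the panel's full list is longer).
KNOWN_NAMES = {"ping", "http", "domain", "netbios"}
PROTOCOLS = {"tcp", "udp", "icmp"}
# Constructed sample input: one disabled line and one typo in each field.
SAMPLE_REMOTE = "184.108.40.206/32\n# 220.127.116.11\n18.104.22.168/33"
SAMPLE_SERVICE = "25, 26-28, tcp:53, udp:53\nping, htpp"

def split_field(text):
    """Split a multi-line field into items, skipping lines that start with #."""
    items = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            items += [p.strip() for p in line.split(",") if p.strip()]
    return items

def check_remote_ip(item):
    """Return None for 'any' or a valid IP/CIDR, else an error string."""
    if item != "any":
        try:
            ipaddress.ip_network(item, strict=False)
        except ValueError as exc:
            return f"bad remote IP {item!r}: {exc}"
    return None

def check_service(item):
    """Return None if the item matches a documented service form, else an error."""
    if item in KNOWN_NAMES:
        return None
    proto, _, value = item.rpartition(":")
    if proto and proto not in PROTOCOLS:
        return f"unknown protocol in {item!r}"
    m = re.fullmatch(r"(\d+)(?:-(\d+))?", value)
    if not m:
        return f"unrecognised service {item!r}"
    low, high = int(m.group(1)), int(m.group(2) or m.group(1))
    limit = 255 if proto == "icmp" else 65535  # assumed bounds
    if not (0 <= low <= high <= limit):
        return f"port or type out of range in {item!r}"
    return None

def lint_rule(remote_ip_text, service_text):
    """Collect every problem in both fields; an empty list means both parse."""
    errors = [check_remote_ip(i) for i in split_field(remote_ip_text)]
    errors += [check_service(i) for i in split_field(service_text)]
    return [e for e in errors if e]
```

Calling `lint_rule(SAMPLE_REMOTE, SAMPLE_SERVICE)` reports the invalid `/33` prefix and the misspelled service name, while the commented-out address is skipped.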
2. Sort Handle
Used to re-order rules by dragging vertically. This is useful for fine-tuning your rule base. For example, if you're permitting HTTP traffic from all IPs and want to exclude a specific nuisance IP, you would add a rule denying HTTP for the specific IP and drag it above the rule which permits HTTP traffic for all.
3. Edit Rule button
Displays the edit rule dialog, allowing you to change, add, or delete the remote IP, direction, service or action. See Add Rule for syntax examples.
4. Delete Rule button
Prompts for confirmation by showing you the rule about to be deleted, then removes the selected rule from the rule base.
5. File Menu
Contains the following options:
- New. Creates a new rule base and prompts for a name. New rule bases can be based on templates that are empty (deny all) or have a basic rule to allow all traffic in both directions. They can also be based on any existing saved rule bases you may have.
- Open. Opens an existing rule base from any you have saved.
- Rename. Renames the current rule base.
- Save As. Saves a copy of the current rule base and opens it in the editor.
- Delete. Deletes a saved rule base.
- Attach. Allows you to choose from a list of all network interfaces on all your VMs and applies the current rule base to the selected interface.
In addition to the Attach option above, you can also apply a firewall rule base to a network interface from the network dialog in the control panel.
6. Firewall Status
This section displays which servers and interfaces the firewall is currently installed on.