User Guide - Firewall

Firewall Control Panel


The customer firewall is run at the border of the WMS network and operates independently from your server, providing a safe and convenient way to protect your server or virtual network.

1. Add Rule button
Opens the Add Firewall Rule dialog:

Firewall rules are applied on a per-interface basis, so the firewall is already configured with your local IP (the address on the VM's NIC).  When adding a new rule, you only need to specify the remote IP, direction, service and action.

The Remote IP, Service and Comments fields are multi-line and can accept multiple arguments on new lines, or as comma-separated lists.

The Remote IP field accepts the following input:

Input                    Example
Single IPs               192.228.79.201
IPs in CIDR notation     202.12.27.33/32
Comma-separated lists    192.228.79.201, 202.12.27.33/32
All IP addresses         any

Any lines starting with the # symbol will be ignored by the firewall and can be used to temporarily disable an IP address without having to delete it from the rule base.

The Direction field is relative to your VM.  Valid values are in or out.

Service Examples

The Service field accepts the following input:

Input                          Example
Single TCP port numbers        25
TCP port ranges                25-30
Comma-separated lists          25,26,27
Specific protocols             tcp:53, udp:53, icmp:8
Service names                  ping, http, domain (see Table 3 below)
Any combination of the above   25, 26-28, tcp:53, udp:53
All services                   any

Any lines starting with the # symbol will be ignored by the firewall and can be used to temporarily disable a service without having to delete it from the rule base.

Service Names

Service                      Name        Alt name
tcp:20, tcp:21               ftp
tcp:22                       ssh
tcp:25                       smtp
tcp:53, udp:53               domain      dns
tcp:80                       www         http
tcp:110                      pop3
tcp:111, udp:111             portmap
udp:123                      ntp
udp:137, udp:138, tcp:139    netbios
udp:143                      imap
udp:161                      snmp
tcp:389                      ldap
tcp:443                      https
tcp:636                      ldaps       ldap-ssl
tcp:873                      rsync
tcp:989, tcp:990             ftps        ftp-ssl
tcp:993                      imaps
udp:1194                     openvpn
tcp:2049, udp:2049           nfs
tcp:3306                     mysql
tcp:3389                     rdp
tcp:5432                     postgresql  pgsql

Action field.
Specifies the action taken when the rule is matched.  Valid values are allow or drop.

Comments field.
This field accepts any text as a rule description, but filling it out is optional.

2. Sort Handle

Used to re-order rules by dragging vertically.  Useful for fine-tuning your rule base, e.g., if you are permitting HTTP traffic from all IPs and want to exclude a specific nuisance IP, add a rule denying HTTP for that IP and drag it above the rule that permits HTTP traffic for all.
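The following is an added example, not the vendor's control-panel code, that ties the Add Rule field syntax above (Remote IP, Direction, Service, Action, '#' comment lines, Table 3 service names) to the ordering behaviour of the Sort Handle. It assumes that rules are evaluated top to bottom with the first match winning (inferred from the advice to drag the deny rule above the allow rule), that an empty rule base drops everything (the "empty (deny all)" template from the File Menu), that a bare port number means TCP, and that the service name "ping" maps to icmp:8; the last two mappings and all function names are assumptions of this example. Only a subset of Table 3 is embedded.

```python
import ipaddress

# Subset of the guide's Table 3, service name -> proto:port list.
# "ping" is not in Table 3; mapping it to icmp:8 (echo request) is an assumption.
SERVICE_NAMES = {
    "ftp": "tcp:20, tcp:21", "ssh": "tcp:22", "smtp": "tcp:25",
    "domain": "tcp:53, udp:53", "dns": "tcp:53, udp:53",
    "www": "tcp:80", "http": "tcp:80", "https": "tcp:443",
    "ping": "icmp:8",
}
ANY_NET = [ipaddress.ip_network("0.0.0.0/0")]
ANY_SVC = [("any", 0, 65535)]


def _tokens(field):
    """Split a multi-line / comma-separated field, dropping '#' comment lines."""
    out = []
    for line in field.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        out.extend(t.strip() for t in line.split(",") if t.strip())
    return out


def parse_remote_ip(field):
    """'any', single IPs and CIDR prefixes -> list of ip_network objects."""
    nets = []
    for tok in _tokens(field):
        if tok.lower() == "any":
            return ANY_NET
        nets.append(ipaddress.ip_network(tok, strict=False))
    return nets


def parse_service(field):
    """Ports, ranges, proto:port, service names and 'any' -> (proto, lo, hi) tuples."""
    svcs = []
    for tok in _tokens(field):
        tok = tok.lower()
        if tok == "any":
            return ANY_SVC
        if tok in SERVICE_NAMES:
            svcs.extend(parse_service(SERVICE_NAMES[tok]))
            continue
        proto, _, ports = tok.rpartition(":")
        proto = proto or "tcp"  # a bare number or range is a TCP port (assumption)
        if proto not in ("tcp", "udp", "icmp"):
            raise ValueError(f"unknown protocol in {tok!r}")
        lo, _, hi = ports.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 0 <= lo <= hi <= 65535:
            raise ValueError(f"bad port(s) in {tok!r}")
        svcs.append((proto, lo, hi))
    return svcs


def parse_rule(remote_ip, direction, service, action, comment=""):
    """Validate one Add Rule dialog entry and return it as a dict."""
    direction, action = direction.lower(), action.lower()
    if direction not in ("in", "out"):
        raise ValueError("direction must be 'in' or 'out'")
    if action not in ("allow", "drop"):
        raise ValueError("action must be 'allow' or 'drop'")
    return {"remote": parse_remote_ip(remote_ip), "direction": direction,
            "service": parse_service(service), "action": action, "comment": comment}


def rule_matches(rule, remote_ip, direction, proto, port):
    """True if the rule covers this remote address, direction and service."""
    addr = ipaddress.ip_address(remote_ip)
    return (rule["direction"] == direction
            and any(addr in net for net in rule["remote"])
            and any(p in ("any", proto) and lo <= port <= hi
                    for p, lo, hi in rule["service"]))


def evaluate(rule_base, remote_ip, direction, proto, port):
    """First matching rule wins, top to bottom; an empty rule base drops everything."""
    for rule in rule_base:
        if rule_matches(rule, remote_ip, direction, proto, port):
            return rule["action"]
    return "drop"


if __name__ == "__main__":
    # Constructed rule base following the Sort Handle example: the specific drop
    # rule sits above the general allow rule.  Addresses are documentation ranges.
    ordered = [parse_rule("203.0.113.7", "in", "http", "drop", "nuisance host"),
               parse_rule("any", "in", "http, https", "allow")]
    shadowed = list(reversed(ordered))  # same rules, drop rule dragged below
    print(evaluate(ordered, "203.0.113.7", "in", "tcp", 80))   # drop
    print(evaluate(shadowed, "203.0.113.7", "in", "tcp", 80))  # allow: never reached
```

Running the block prints "drop" for the correctly ordered rule base and "allow" for the reversed one, which is exactly the shadowing the Sort Handle lets you fix by dragging the deny rule upwards.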


3. Edit Rule button
Displays the edit rule dialog, allowing you to change, add, or delete the remote IP, direction, service or action. See Add Rule for syntax examples.


4. Delete Rule button
Prompts for confirmation by showing you the rule about to be deleted, then removes the selected rule from the rule base.


5. File Menu
Contains the following options:

  • New. Creates a new rule base and prompts for a name.  New rule bases can be based on templates that are empty (deny all) or have a basic rule to allow all traffic in both directions.  They can also be based on any existing saved rule bases you may have.
  • Open. Opens an existing rule base from any you have saved.
  • Rename. Renames the current rule base.
  • Save As. Saves a copy of the current rule base and opens it in the editor.
  • Delete. Deletes a saved rule base.
  • Attach. Allows you to choose from a list of all network interfaces on all your VMs and applies the current rule base to the selected interface.

In addition to the Attach option above, you can also apply a firewall rule base to a network interface from the network dialog in the control panel.

6. Firewall Status
This section displays which servers and interfaces the firewall is currently installed on.