Firewall rules
The firewall can be freely customized in our server tariffs. To do this, select the relevant server from Server administration.
Standard behavior
Firewall rules are evaluated in ascending order of position number. As soon as a rule matches, evaluation stops and no later rule is considered.
WAN connections
If no firewall rules have been configured, all incoming network connections are discarded. Outgoing connections are accepted unless configured separately.
LAN and VPC connections
In the default setting, the cloud firewall only filters WAN connections. If your server has a VPC network card, no network packets are blocked by the cloud firewall unless the firewall has been explicitly activated for the network card.
This setting is configured in the Network area.
You can activate or deactivate the firewall for each additional network card, e.g. to also secure internal traffic via the firewall rules. The firewall cannot be deactivated for WAN networks.
Rule types
The cloud firewall provides different types of firewall rules. A distinction is currently made between static and dynamic rules.
Static rules
Static rules can be used to make explicit specifications for source and target networks. In addition, the firewall rule can be restricted to a selected network card and a specific network protocol.
Dynamic rules
Dynamic rules can be used to configure group rules that map various creoline services, among other things. The dynamic rules are managed by us and can be extended automatically. You can find more information on dynamic rules here.
Create firewall rule
Navigate to the Firewall tab and select the Create static rule button to create a new firewall rule.
The following settings are available when creating a new rule:
Property | Description |
---|---|
Network card | Restrict the firewall rule to a specific network card. Important: The firewall must be activated for the selected network card. |
Direction type | Specify the desired direction type of the rule. E.g. "Incoming connections" to block a specific port. |
Action | Allow, reject or block |
Source IP address | A source network can be specified via CIDR notation. Multiple IP addresses or networks can be specified using commas. |
Source port | The source port of the request. Port ranges can be specified with a colon, e.g. 8080:8090 |
Protocol | Limit the rule to certain protocols, e.g. TCP |
Target IP address | A target network can be specified via CIDR notation. Multiple IP addresses or networks can be specified using commas. |
Destination port | The destination port of the request. Multiple ports can be separated by commas, e.g. 80,443. Port ranges can be specified with a colon, e.g. 8080:8090 |
Rule status | Activate or deactivate the rule |
Comment | The comment field can be used to document a firewall rule in more detail |
Warning: Please note that an incorrect firewall configuration could jeopardize the availability of one or more services.
Edit firewall rule
Select the desired firewall rule via the Firewall tab and select the pencil icon.
Change firewall rule position
The list icon can be used to rearrange the firewall rules using drag-and-drop.
Attention: The change to the firewall rule arrangement is saved immediately and could have a negative impact on your services.
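The first-match evaluation under "Standard behavior" and the effect of reordering described above can be checked offline before a change is saved. The following is an added example, not creoline's code: it models incoming WAN traffic only and shows a narrower allow rule becoming unreachable once a broader block rule is moved in front of it. The dict keys, the sample rules, the treatment of an empty field as "any" and the label "drop" for discarded traffic are assumptions.

```python
import ipaddress

# Constructed sample rules; dict keys are hypothetical names for the table's fields.
RULES = [
    {"pos": 10, "action": "allow", "src": "203.0.113.0/24", "proto": "tcp", "dport": "22"},
    {"pos": 20, "action": "block", "src": "0.0.0.0/0", "proto": "tcp", "dport": "22"},
    {"pos": 30, "action": "allow", "proto": "tcp", "dport": "80,443,8080:8090"},
]

def port_matches(spec, port):
    """Comma-separated ports and low:high ranges. Assumption: empty means any port."""
    if not spec:
        return True
    for part in spec.split(","):
        low, _, high = part.strip().partition(":")
        if int(low) <= port <= int(high or low):
            return True
    return False

def net_matches(spec, ip):
    """Comma-separated addresses or CIDR networks. Assumption: empty means any address."""
    if not spec:
        return True
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n.strip(), strict=False) for n in spec.split(","))

def rule_matches(rule, pkt):
    return (rule.get("proto", pkt["proto"]) == pkt["proto"]
            and net_matches(rule.get("src", ""), pkt["src"])
            and net_matches(rule.get("dst", ""), pkt["dst"])
            and port_matches(rule.get("sport", ""), pkt["sport"])
            and port_matches(rule.get("dport", ""), pkt["dport"]))

def evaluate(rules, pkt, default="drop"):
    """Incoming WAN packet: first matching active rule in ascending position wins."""
    for rule in sorted(rules, key=lambda r: r["pos"]):
        if rule.get("active", True) and rule_matches(rule, pkt):
            return rule["action"], rule["pos"]
    return default, None  # no rule matched: incoming WAN traffic is discarded

def packet(src, dport, proto="tcp", dst="192.0.2.10", sport=50000):
    return {"src": src, "dst": dst, "proto": proto, "sport": sport, "dport": dport}

def swap_positions(rules, a, b):
    """Copy of rules with positions a and b exchanged, as a drag-and-drop reorder would."""
    return [dict(r, pos={a: b, b: a}.get(r["pos"], r["pos"])) for r in rules]

if __name__ == "__main__":
    admin = packet("203.0.113.5", 22)
    print(evaluate(RULES, admin))                          # before reordering
    print(evaluate(swap_positions(RULES, 10, 20), admin))  # after reordering
```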