Firewall rules

The firewall can be freely customized in our server tariffs. To do this, select the relevant server from Server administration.

Standard behavior

The firewall rule evaluation takes place in ascending order by position number. As soon as a rule applies, further rule evaluation is aborted immediately.

WAN connections

If no firewall rules have been configured, all incoming network connections are discarded. Outgoing connections are accepted unless configured separately.

LAN and VPC connections

In the default setting, the cloud firewall only filters WAN connections. If your server has a VPC network card, no network packets are blocked by the cloud firewall unless the firewall has been explicitly activated for the network card.

The firewall setting can be made in the Network area.

Server - Netzwerke

You can activate or deactivate the firewall for each additional network card, e.g. to also secure internal traffic via the firewall rules. The firewall cannot be deactivated for WAN networks.

Rule types

The cloud firewall provides different types of firewall rules. A distinction is currently made between static and dynamic rules.

Static rules

Static rules can be used to make explicit specifications for source and target networks. In addition, the firewall rule can be restricted to a selected network card and a specific network protocol.

Dynamic rules

Dynamic rules can be used to configure group rules that map various creoline services, among other things. The dynamic rules are managed by us and can be extended automatically. You can find more information on dynamic rules here.

Create firewall rule

Navigate to the Firewall tab and select the Create static rule button to create a new firewall rule.

Firewall - Regel erstellen

The following settings are available when creating a new rule:

Property Description
Network card Restrict the firewall rule to a specific network card. Important: The firewall must be activated for the selected network card.
Direction type Specify the desired direction type of the rule. E.g. "Incoming connections" to block a specific port.
Action Allow, reject or block
Source IP address A source network can be specified via CIDR notation. Multiple IP addresses or networks can be specified using commas.
source port The source port of the request. Port ranges can be specified via :. E.G. 8080:8090
Protocol Limit the rule to certain protocols, e.g. TCP
Target IP address A target network can be specified via CIDR notation. Multiple IP addresses or networks can be specified using commas.
destination port The destination port of the request. Multiple ports can be separated by commas. E.G. 80,443 . Port ranges can be specified via :. E.G. 8080:8090
Rule status Activate or deactivate the rule
Comment The comment field can be used to document a firewall rule in more detail

Warning Please note that an incorrect firewall configuration could jeopardize the availability of one or more services.

Edit firewall rule

Select the desired firewall rule via the Firewall tab and select the pencil icon.

Change firewall rule position

The list icon can be used to rearrange the firewall rules using drag-and-drop.

Attention: The change to the firewall rule arrangement is saved immediately and could have a negative impact on your services.

Similar articles