With the Steadfast Cloud Platform you can set firewall rules for the network interfaces of virtual machines. There are two types of firewall rules:
Important: In some cases, rebooting a VM from the console instead of the control panel may cause inconsistent firewall behavior. To work around this issue, if you experience it, we recommend one of the following actions:
- Configure a software firewall inside your VM at the OS level instead of using the control panel firewall settings.
- Always reboot your VM using the control panel, rather than rebooting it from the console.
Configuring a Rule
- Go to your Control Panel’s Virtual Machines menu.
- Click the label of the machine for which you want to configure a firewall rule.
- Mouse over the “Networking” menu and click on the “Firewall” item.
- On the page that appears, set the following:
  - Choose the network interface.
  - Specify the rule's command: whether requests are accepted or dropped.
  - Set the source IP address this rule will apply to.
  - Set the destination port this rule will apply to.
  - Choose the protocol (TCP or UDP).
- Click the “Add Rule” button to save the rule.
Example:
- The "Int1 ACCEPT 122.158.111.21 22 TCP" firewall rule means that the Int1 network interface will accept all requests and packets coming from IP 122.158.111.21 over TCP on port 22.
- The "Int2 DROP 122.158.111.21 22 UDP" firewall rule means that the Int2 network interface will reject all requests and packets coming from IP 122.158.111.21 over UDP on port 22.
Setting Rule Priorities
Since some rules can override each other, it is important to set the order in which they are processed. Use the up/down arrows next to a rule to set priority.
Editing or Deleting an Existing Rule
- Go to your Control Panel’s Virtual Machines menu.
- Click the label of the machine for which you want to configure a firewall rule.
- Mouse over the “Networking” menu and click on the “Firewall” item.
- On the page that appears, you’ll see the list of all the rules:
  - Click the Edit icon next to a rule to edit its parameters.
  - To delete a rule from a VM, click the Delete icon next to a rule and confirm.
Setting Up Default Rules
OnApp allows setting default firewall rules which will be applied to all IP addresses with all ports for all protocols. To set default firewall rules:
- Go to your Control Panel’s Virtual Machines menu.
- Click the label of the machine for which you want to configure a firewall rule.
- Mouse over the “Networking” menu and click on the “Firewall” item.
- On the page that appears, scroll down to the Default Firewall Rules section and set the following:
For example, if you choose the network interface Int1 with the ACCEPT rule, the firewall on the Int1 network interface will accept all requests and packet types from all IPs. If you define the Int2 network interface with the DROP rule, the firewall on Int2 will block all requests and packets addressed to it.
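The rule priorities and default rules described above can be modelled offline to audit a rule list before entering it in the control panel. This is an added example, not Steadfast or OnApp code: the function names are hypothetical, it assumes rules are evaluated top to bottom with the first match winning and the interface default applying when nothing matches, and it also accepts CIDR sources, which the page does not mention.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    iface: str
    action: str   # ACCEPT or DROP
    source: str   # source IP (a CIDR block is also accepted: assumption)
    port: int     # destination port
    proto: str    # TCP or UDP

def parse_rule(text):
    """Parse the page's notation: '<interface> <ACCEPT|DROP> <source> <port> <TCP|UDP>'."""
    iface, action, source, port, proto = text.split()
    action, proto, port = action.upper(), proto.upper(), int(port)
    if action not in ("ACCEPT", "DROP") or proto not in ("TCP", "UDP"):
        raise ValueError(f"bad action or protocol in {text!r}")
    if not 1 <= port <= 65535:
        raise ValueError(f"bad port in {text!r}")
    ipaddress.ip_network(source, strict=False)  # raises ValueError if malformed
    return Rule(iface, action, source, port, proto)

def net(rule):
    return ipaddress.ip_network(rule.source, strict=False)

def decide(rules, defaults, iface, src, port, proto):
    """Assumed semantics: first matching rule wins, else the interface default."""
    for r in rules:
        if ((r.iface, r.port, r.proto) == (iface, port, proto.upper())
                and ipaddress.ip_address(src) in net(r)):
            return r.action
    return defaults[iface]

def shadowed(rules):
    """Return (earlier, later) pairs where 'later' can never be reached."""
    pairs = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            same = (earlier.iface, earlier.port, earlier.proto) == \
                   (later.iface, later.port, later.proto)
            if (same and net(earlier).version == net(later).version
                    and net(later).subnet_of(net(earlier))):
                pairs.append((earlier, later))
                break
    return pairs

if __name__ == "__main__":
    # Constructed rule list built from the page's example address.
    rules = [parse_rule(f"Int1 {a} 122.158.111.21 22 TCP") for a in ("DROP", "ACCEPT")]
    print(decide(rules, {"Int1": "ACCEPT"}, "Int1", "122.158.111.21", 22, "TCP"), shadowed(rules))
```

A non-empty result from `shadowed` means a lower-priority rule is dead: either move it up or delete it so the list reflects what is actually enforced.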