In this article we explain how you can create a rule in a firewall profile already created in your Clouding client panel.
Warning
Please be aware that changes made to this profile will apply to all the VMs it's assigned to.
If you want to delete or deactivate a rule, have a look at this article.
Access the firewall profile
Access your client panel (if you don't remember how to access it, we explain how in our article Access to your client panel).
Now open the main menu Servers and then My Firewalls. There you can see all your firewall profiles. To edit one, click on the pencil at the right side:
Create a rule
Once inside your profile, click on the "+" sign to the right of Firewall Rules:
In the next screen you can choose between:
- Personalized rule
- All TCP
- All UDP
- All ICMP (Ping)
- Allow SSH
- Allow SMTP
- Allow DNS
- Allow HTTP
- Allow POP3
- Allow IMAP
- Allow LDAP
- Allow HTTPS
- Allow SMTPS
- Allow IMAPS
- Allow POP3S
- Allow MS-SQL
- Allow MySQL
- Allow RDP
- Allow GRE
If you want to allow traffic to any of those services, the best thing to do is to use the specific rule, since it will fill out all the fields. If you want to open a specific port that isn't predefined in the previous rules, choose "Personalized rule", and a screen like the one below will show up:
You'll have to fill out the fields:
- Protocol: if you don't know what type of protocol you're using, review the section "How to know my port's protocol" below.
- Ports range: here you specify the port(s) you want to open. If, for instance, you want to open port 8080, set the same value in "From port" and "To port". If, for instance, you want to open from port 5000 to port 5100, set 5000 in "From port" and 5100 in "To port".
- Origin IP: this is the IP or IPs from which the server can be accessed; don't enter the server's public IP here. The IP format is CIDR, so /0 means any IP. For instance, if you want to allow access only from your IP, set IP-of-my-Connection/32. If you want to allow the whole range of 256 IPs in 192.168.0.xxx, set 192.168.0.0/24. If you want to allow access from any IP, set 0.0.0.0/0.
- Depiction: here you can enter any text that explains what the rule does, for instance "Access to port 8080 from the office IP".
Once all the fields have been filled out, click on the "Send" button.
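The following check of a personalized rule's fields is an added example, not part of the Clouding panel or its API. The function name, the choice of sensitive ports and the sample values are assumptions made for illustration, and it only handles TCP and UDP rules:

```python
import ipaddress

# Standard ports of services from the predefined rule list that are usually
# restricted to known origin IPs (this selection is the example's assumption).
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 1433: "MS-SQL", 3306: "MySQL"}


def check_rule(protocol, from_port, to_port, origin):
    """Return (errors, warnings, address_count) for one personalized rule."""
    errors, warnings = [], []
    proto = protocol.lower()

    if proto not in ("tcp", "udp"):
        errors.append(f"protocol {protocol!r} is not tcp or udp")

    if not (1 <= from_port <= 65535 and 1 <= to_port <= 65535):
        errors.append("ports must be between 1 and 65535")
    elif from_port > to_port:
        errors.append('"From port" is greater than "To port"')

    net = None
    try:
        # strict=True rejects host bits: 192.168.0.5/24 is not a network address
        net = ipaddress.ip_network(origin, strict=True)
    except ValueError as exc:
        errors.append(f"origin IP is not valid CIDR: {exc}")

    if net is not None and not errors and net.prefixlen == 0:
        warnings.append("origin /0 allows access from any IP")
        exposed = [name for port, name in SENSITIVE_PORTS.items()
                   if proto == "tcp" and from_port <= port <= to_port]
        if exposed:
            warnings.append("reachable from any IP: " + ", ".join(exposed))

    return errors, warnings, (net.num_addresses if net else 0)


if __name__ == "__main__":
    # Constructed sample rules; 203.0.113.10 is a documentation address.
    samples = [("tcp", 8080, 8080, "203.0.113.10/32"),
               ("tcp", 5000, 5100, "192.168.0.0/24"),
               ("tcp", 22, 22, "0.0.0.0/0"),
               ("tcp", 8080, 8080, "192.168.0.5/24")]
    for rule in samples:
        print(rule, "->", check_rule(*rule))
```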
Assigning a firewall to a Private Network (VPC)
With the launch of VPCs, you can now assign a firewall to a private network independently from the public network. Here we explain the steps to follow:
First access the "Network" section of the specific server.
Then, go to the "Networks">"Private Networks (VPC)" section and click on the button with the PLUS symbol.
Once here, an auxiliary window will open where we will be able to select our Private Network (VPC) and which specific firewall we want to assign to it. Once the firewall has been assigned, click on "Submit".
Remember that if you wish, you can enable the "Use a specific IP address" option and assign yourself an IP address from the range you have set in the VPC.
How to know my port's protocol
If you don't know which protocol your port is using, you can look it up the following way:
- For Linux servers, connect through SSH to your server and execute:
netstat -tulpn|grep :22
It will return:
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 893/sshd
tcp6 0 0 :::22 :::* LISTEN 893/sshd
In this example, we looked up the protocol for port 22; as you can see to the left of port 22, it works over tcp.
- For Windows servers, you can connect through RDP to your server and execute:
netstat -ano|findstr :500
It will return:
UDP 0.0.0.0:500 *:* 3916
UDP [::]:500 *:* 3916
In this example, we looked up the protocol for port 500; as you can see on the left, port 500 works over udp.