Firewalls
What are Cloud Firewalls?
Cloud Firewalls allow you to easily secure your servers by specifying the network traffic that’s allowed to reach your server and what traffic your server is allowed to send out.
Are Cloud Firewalls stateful?
Yes, our Cloud Firewalls are stateful and track individual network connections and their states to and from your server. If your server sends out a request to the internet, the response traffic to that request is automatically allowed through the firewall, and you don’t need a separate inbound rule. For protocols like SIP, the firewall will also track “related” connections.
How do the Firewalls work?
The Cloud Firewalls allow you to define a set of rules for the incoming and outgoing network traffic of your Cloud server. For the inbound direction (network traffic to your server): Your rules define all traffic that is allowed to reach the server. The inbound direction has an implicit “deny” at the end. All traffic that doesn’t match any of your rules will be dropped and will not reach your server. If you don’t define any rules here, all inbound traffic will be dropped.
For the outbound direction (network traffic from your server to the internet): If you define no rules for the outbound direction, all traffic is allowed. If you define one or more outbound rules, the outbound direction also changes to implicit “deny”, and all traffic that doesn’t match your rules is dropped.
What are the limitations of Firewalls?
- Assign up to 5 active firewalls per server
- Have up to 500 (effective) rules per firewall
- Have up to 80000 active, concurrent connections per server (10000 new connections per second)
Is there traffic that’s always allowed?
Yes, our firewall will always allow traffic from certain Websiteroof services to reach your server. This currently includes DNS resolver traffic, traffic from the Websiteroof Rescue system, and the Cloud metadata server.
What is an effective rule?
The number of your firewall’s effective rules depends on how many different sources or destinations you have specified for each rule. An inbound rule that allows traffic to port 80 for 8 different sources counts as 8 effective rules.
Can I specify traffic that should get dropped?
No, you only define what traffic is allowed to and from your server. All other traffic will be dropped.
Does the order of my rules matter?
No, the order of your firewall rules does not matter, since our firewalls define what traffic is allowed.
What protocols do Firewalls support?
You can filter TCP, UDP and ICMP traffic. All other protocols (like GRE or IPIP) will be dropped if you attach a firewall.
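The allow-only semantics described above (implicit inbound deny, outbound switching to deny once any outbound rule exists, non-TCP/UDP/ICMP protocols dropped, and effective-rule counting) can be checked locally with a small model. This is an added example, not the provider's code: the `Rule` layout and function names are assumptions, the sample rules are constructed, and connection tracking and the always-allowed provider traffic are not modelled.

```python
# Added illustration: a local model of the rule semantics described in this FAQ.
# The Rule layout and function names are assumptions, not the provider's API.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

FILTERABLE = {"tcp", "udp", "icmp"}  # anything else is dropped once a firewall is attached


@dataclass(frozen=True)
class Rule:
    direction: str            # "in" or "out"
    protocol: str             # "tcp", "udp" or "icmp"
    port: Optional[int]       # None for ICMP (treated as "any port" in this model)
    peers: Tuple[str, ...]    # CIDR sources (inbound) or destinations (outbound)


def effective_rules(rules):
    """Each source/destination listed in a rule counts as one effective rule."""
    return sum(len(r.peers) for r in rules)


def allowed(rules, direction, protocol, port, peer):
    """Decide whether a NEW connection passes; rule order is irrelevant."""
    if protocol not in FILTERABLE:
        return False
    same_dir = [r for r in rules if r.direction == direction]
    if direction == "out" and not same_dir:
        return True  # no outbound rules defined: all outbound traffic is allowed
    addr = ip_address(peer)
    return any(
        r.protocol == protocol
        and (r.port is None or r.port == port)
        and any(addr in ip_network(p) for p in r.peers)
        for r in same_dir
    )  # no matching rule: the implicit deny applies


# Constructed sample rule sets (documentation address ranges).
INBOUND_ONLY = [
    Rule("in", "tcp", 443, ("0.0.0.0/0",)),
    Rule("in", "tcp", 22, ("198.51.100.0/24", "203.0.113.7/32")),
]
# Adding a single outbound rule flips the outbound direction to implicit deny.
WITH_OUTBOUND = INBOUND_ONLY + [Rule("out", "tcp", 443, ("0.0.0.0/0",))]
```

Comparing `allowed(INBOUND_ONLY, "out", "udp", 53, ...)` with the same call on `WITH_OUTBOUND` shows the side effect to review before adding a first outbound rule: every outbound flow not explicitly listed stops working.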
How to access Firewall management?
1- Log in to the Client Portal.
2- Navigate to my services; in this case, that is your VPS server.
3- Click manage services, located at the bottom right.
4- Scroll down to server quick actions and click Firewall.
5- The Firewalls management window will appear – click confirm.
6- The Firewalls management dashboard will show – click the add rules button.
7- A window will appear – fill in the values:
- IP Address
- Protocol
- Port
- Source/destination
8- Click confirm and you are done.