Firewalls act as a barrier between computers on a network. Even though vnCloud is monitored to ensure security, adding firewall rules helps increase the security of your virtual machine.

Are you unsure about how to add firewall rules to your VM? Installing your vnCloud Firewall is quite easy. Here is a pictorial that will take you step-by-step through creating a firewall rule in 5 minutes!

 


Logging into MyVolico Account

  1. Log in to your MyVolico account.
  2. Click on "Access Cloud" from the dashboard.
  3. You will be directed to the cloud portal.

Understanding Firewall Rules

Within the cloud dashboard, there are two types of firewall rules:

  • ACCEPT: Defines the packets that will be accepted by the firewall.
  • DROP: Defines the packets that will be rejected by the firewall.

Adding a Specific Firewall Rule

  1. From the cloud dashboard, click the Virtual Servers menu.
  2. Click the label of the virtual server you're interested in.
  3. Click the Networking tab, then click Firewall.
  4. On the page that appears, set the following:
       • Choose the network interface.
       • Specify if the rule defines requests that should be accepted or dropped.
       • Set the IP address for which this rule is active.
           • Leave the field empty to apply this rule to all IPs.
           • Enter hyphen-separated IPs to apply the rule to an IP range (e.g. 192.168.1.1-192.168.1.10).
           • Enter the IP with a slash to apply the rule to a CIDR block (e.g. 192.168.1.1/24).
       • Set the port for which this rule will be effective.
           • Leave the field empty to apply the rule to all ports.
           • Enter colon-separated ports to apply the rule to a port range (e.g. 1024:1028).
           • Enter comma-separated ports to apply the rule to a list of ports (e.g. 80,443,21).
       • Choose the protocol (TCP, UDP, or ICMP).
  5. Save the rule by clicking the Add Rule button. The rule will be saved in the UI, but the transaction won't be started until you click the Apply Firewall Rules button.
  6. To start the transaction which runs firewall rules for a VS, click the Apply Firewall Rules button.
  7. Use the Up and Down arrow buttons in the left column to change a firewall rule's position.
  8. To edit or delete a firewall rule, click the appropriate icon in the last column.

Setting Default Firewall Rules

  1. From the cloud dashboard, click the Virtual Servers menu.
  2. Click the label of the virtual server you're interested in.
  3. Click the Networking tab, then click Firewall.
  4. On the page that appears, set the following:
  5. Choose ACCEPT or DROP command next to the network interface and click Save Default Firewall Rules. The rule will be saved in the UI, but the transaction won't be started until you click the Apply Firewall Rules button.

Example 1: Int1 ACCEPT Rule

The firewall rule Int1 ACCEPT 122.158.111.21 22 TCP means:

  • Int1: This is the network interface that the rule applies to.
  • ACCEPT: This is the action that the firewall should take when the conditions of the rule are met. In this case, the firewall will allow the packets.
  • 122.158.111.21: This is the IP address that the rule applies to. The rule will only apply to packets coming from this IP address.
  • 22: This is the port number that the rule applies to. The rule will only apply to packets sent to this port.
  • TCP: This is the protocol that the rule applies to. The rule will only apply to packets using this protocol.


So, this rule means that the Int1 network interface will accept all requests and packets addressed from 122.158.111.21 using the TCP protocol on port 22.

Example 2: Int2 DROP Rule

The firewall rule Int2 DROP 122.158.111.21 22 UDP means:

  • Int2: This is the network interface that the rule applies to.
  • DROP: This is the action that the firewall should take when the conditions of the rule are met. In this case, the firewall will drop the packets, meaning it will reject them.
  • 122.158.111.21: This is the IP address that the rule applies to. The rule will only apply to packets coming from this IP address.
  • 22: This is the port number that the rule applies to. The rule will only apply to packets sent to this port.
  • UDP: This is the protocol that the rule applies to. The rule will only apply to packets using this protocol.


So, this rule means that the Int2 network interface will reject all requests and packets from 122.158.111.21 using the UDP protocol on port 22.
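To sanity-check a rule list before clicking Apply Firewall Rules, the field syntax described above can be modelled offline. The following is an added example, not vnCloud code: it assumes rules are evaluated top to bottom with the first match winning and the interface's default rule applied otherwise, and every rule except Example 1 is constructed for illustration.

```python
import ipaddress

def ip_matches(spec, addr):
    """Empty = all IPs; 'a-b' = inclusive range; 'a/n' = CIDR; else a single IP."""
    ip = ipaddress.ip_address(addr)
    if not spec:
        return True
    if "-" in spec:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in spec.split("-"))
        return lo <= ip <= hi
    if "/" in spec:
        # strict=False: the page's example 192.168.1.1/24 has host bits set
        return ip in ipaddress.ip_network(spec, strict=False)
    return ip == ipaddress.ip_address(spec)

def port_matches(spec, port):
    """Empty = all ports; 'a:b' = inclusive range; 'a,b,c' = list of ports."""
    if not spec:
        return True
    if ":" in spec:
        lo, hi = (int(p) for p in spec.split(":"))
        return lo <= port <= hi
    return port in {int(p) for p in spec.split(",")}

def decide(rules, defaults, iface, src, port, proto):
    """Return ACCEPT or DROP for one inbound packet.
    Assumption: first matching rule wins, else the interface default applies."""
    for r_iface, action, ip_spec, port_spec, r_proto in rules:
        if (r_iface == iface and r_proto == proto
                and ip_matches(ip_spec, src) and port_matches(port_spec, port)):
            return action
    return defaults[iface]

# Constructed rule list: the page's Example 1 plus one rule per field syntax.
RULES = [
    ("Int1", "ACCEPT", "122.158.111.21", "22", "TCP"),
    ("Int1", "DROP", "", "22", "TCP"),  # empty IP field = all IPs
    ("Int1", "ACCEPT", "192.168.1.1/24", "80,443,21", "TCP"),
    ("Int1", "ACCEPT", "192.168.1.1-192.168.1.10", "1024:1028", "UDP"),
]
DEFAULTS = {"Int1": "DROP"}  # constructed default rule for the interface

if __name__ == "__main__":
    for pkt in [("Int1", "122.158.111.21", 22, "TCP"),
                ("Int1", "203.0.113.9", 22, "TCP"),
                ("Int1", "192.168.1.200", 443, "TCP"),
                ("Int1", "192.168.1.11", 1025, "UDP")]:
        print(pkt, "->", decide(RULES, DEFAULTS, *pkt))
```

Under the first-match assumption, swapping the first two rules would lock out 122.158.111.21 on port 22, which is why rule position is worth checking before applying.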

Additional Information

If you reboot a Xen-based VS from the console, the firewall rules for this VS will be lost, and you will need to update the firewall rules again.