Protect your mCloud server with a Firewall

Back

Firewall is a program that monitors and controls all incoming and outgoing traffic on your server, based on the predefined set of rules. Your cloud server is initially set up to receive all incoming connections. We recommend that you use Firewall to limit this behavior so that you only allow the traffic that is really necessary.

Read below to learn about the types of rules you can set using Firewall.

Changing a Firewall rule

To change a rule for the Firewall, follow these steps:

  1. Choose option Cloud Server from the Services menu.

  2. Click the name of your server.

  3. Choose option Firewall from the Network menu.

  4. There a 3 sections you can edit: Firewall, Add new rule and Default firewall rules. First, we'll take a look at Default firewall rules.

Choose option DROP and click Save Default Firewall Rules.


 

This way we have disabled all incoming server traffic. In the sections below we will demonstrate yow you can enable port 80 from all IP addresses as well as port 3389 for one IP only. Using the same method you can define any other firewall rules that apply best for your infrastructure and thus improve the overall safety of your server.

Open port 80 for all IP addresses

To open port 80 for all IP addresses, follow these steps:

 

  1. Leave the Address field empty so this rule would apply for all IP addresses.

  2. Enter 80 in the Port field.

  3. Choose TCP Protocol.

  4. Choose ACCEPT from the Command menu.

  5. Click Submit.

  6. Click Apply Firewall Rules.

Open port 3389 for a single IP address

To open port 3389 for a single IP address, follow these steps:

 

  1. In the Address field enter the IP address you wish to allow for the 3389 port (we used a random private IP for this tutorial).

  2. Enter 3389 in the Port field.

  3. Choose TCP Protocol.

  4. Choose ACCEPT from the Command menu.

  5. Click Submit.

  6. Click Apply Firewall Rules.

Enabling a range of ports for a single IP address

To enable a range of ports for a single IP address follow these rules:


  1. In the Address field enter the IP address you wish to allow for the range of ports.

  2. In the Port field, specify the range of ports (e.g. 49152:5000)

  3. Choose TCP Protocol.

  4. Choose ACCEPT from the Command menu.

  5. Click Submit.

  6. Click Apply Firewall Rules.

At the end, your firewall rules will look something like this:

On the right, you'll see arrows to move firewall rules up or down per your wishes.