Setup a Firewall
Activate and configure a Firewall for each network interface (NIC) to better protect your servers from attacks. IONOS Cloud Firewalls can filter incoming (ingress), outgoing (egress), or bidirectional traffic. When configuring Firewalls, it is important to set proper rules, otherwise, traffic will not be correctly filtered. Please note that a Firewall without set rules blocks all traffic.
1. In the Workspace, select a VM with a NIC.
2. From the Inspector, open the Network tab.
3. Open the properties of the NIC for which you wish to set up a Firewall.
4. To activate the Firewall,choose between Ingress / Egress / Bidirectional
Activate the Firewall from the Inspector pane by choosing Ingress/Egress/Bidirectional. Make sure to set rules for the Firewall
Activating the Firewall without additional rules will block all incoming traffic. You can now add exceptions for ports and protocols by clicking Manage Rules.
To create rules, define a new rule by clicking Create Firewall Rule.
Additionally, you may add an existing set of rules by clicking Rules from Template.
As a third option, you may import an existing rule set by clicking Clone Rules from other NIC.
You may enter a new rule or clone/template existing rules for Firewalls.
Modify the values of the Firewall rule:
- Name: Enter a name for the rule.
- Source MAC: Enter the MAC address to be passed through by the firewall.
- Target IP: If you use virtual IP addresses on the same network interface, you can enter them here to allow access.
- Port Range Start: Set the first port of an entire port range.
- Port Range End: Set the last port of a port range, or enter the port from Port Range Start if you only want this port to be allowed.
- ICMP Type: Enter the ICMP Type to be allowed, e. g. 0 or 8 for echo requests (ping) or 30 for traceroutes.
- ICMP Code: Enter the ICMP Code to be allowed, e. g. 0 for echo requests.
When done, click Save to confirm your Firewall setup.