Configure a Firewall

Activate and configure a Firewall for each Network Interface Card (NIC) to better protect your servers from attacks. IONOS Cloud Firewalls can filter incoming (ingress), outgoing (egress), or bidirectional traffic. When configuring firewalls, define appropriate rules to filter traffic accordingly.

Activate a Firewall

To activate a Firewall, follow these steps:
1. In the Workspace, select a Virtual Machine with a NIC.
2. From the Inspector pane, open the Network tab.
3. Open the properties of the NIC for which you want to set up a Firewall.
4. Choose the traffic flow type (Ingress, Egress, or Bidirectional) for which the Firewall needs to be activated.
Warning: Activating the Firewall without additional rules will block all incoming traffic. Make sure you set the Firewall rules by using Manage Rules.
Result: The Firewall is activated for the selected NIC.

Create a Firewall Rule

To create a Firewall rule, follow these steps:
1. In the Workspace, select a VM with a NIC.
2. From the Inspector pane, open the Network tab.
3. Open the properties of the NIC for which you wish to manage Firewall Rules.
4. Click Manage Rules.
5. Click Create Firewall Rule and choose one of the following rule types from the drop-down list:
  • Transmission Control Protocol (TCP) Rule
  • User Datagram Protocol (UDP) Rule
  • Internet Control Message Protocol (ICMP) Rule
  • ICMPv6 Rule
  • Any Protocol
6. Enter values for the following in a Firewall rule:
  • Name: Enter a name for the rule.
  • Direction: Choose the traffic direction between Ingress and Egress.
  • Source MAC: Enter the Media Access Control (MAC) address to be passed through by the firewall.
  • Source IP/CIDR: Enter the IP address to be passed through by the Firewall.
  • Destination IP/CIDR: If you use virtual IP addresses on the same network interface, you can enter them here to allow access.
  • Port Range Start: Set the first port of an entire port range.
  • Port Range End: Set the last port of a port range or enter the port from Port Range Start if you only want this port to be allowed.
  • ICMP Type: Enter the ICMP Type to be allowed. Example: 0 or 8 for echo requests (ping) or 30 for traceroutes.
  • ICMP Code: Enter the ICMP Code to be allowed. Example: 0 for echo requests.
  • IP Version: Select a version from the drop-down list. By default, it is Auto.
7. (Optional) You can add Firewall rules from an existing template by using Rules from Template. The available templates are Generic Webserver, Mailserver, Remote Access Linux, and Remote Access Windows.
8. Alternatively, you may import an existing rule set by using Clone Rules from other NIC.
9. Click Save to confirm creating a Firewall rule.
Result: A Firewall Rule is created with the configured values.
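
A pre-flight check for a planned rule set, run before the values are entered in Manage Rules (added example, not IONOS code). The dict keys mirror the form fields above but are hypothetical names, and treating ports 22 and 3389 as admin ports that need a source range is an assumed review policy.

```python
import ipaddress

PROTOCOLS = {"TCP", "UDP", "ICMP", "ICMPv6", "Any"}
ADMIN_PORTS = (22, 3389)  # SSH, RDP: assumed review policy, not an IONOS setting

def check_rule(rule):
    """Return findings for one planned rule (dict keys are hypothetical)."""
    out = []
    proto, start, end = rule.get("protocol"), rule.get("port_start"), rule.get("port_end")
    if proto not in PROTOCOLS:
        out.append(f"unknown protocol {proto!r}")
    if rule.get("direction") not in ("Ingress", "Egress"):
        out.append("direction must be Ingress or Egress")
    src_open = not rule.get("source_ip")  # empty field: rule names no source range
    for key in ("source_ip", "destination_ip"):
        if rule.get(key):
            try:
                net = ipaddress.ip_network(rule[key], strict=False)
                src_open |= key == "source_ip" and net.prefixlen == 0
            except ValueError:
                out.append(f"{key} is not a valid IP/CIDR: {rule[key]!r}")
    if proto in ("TCP", "UDP"):
        if start is None or end is None:
            out.append("set both Port Range Start and Port Range End")
        elif not 1 <= start <= end <= 65535:
            out.append(f"invalid port range {start}-{end}")
        elif rule.get("direction") == "Ingress" and src_open and any(start <= p <= end for p in ADMIN_PORTS):
            out.append("admin port (SSH/RDP) not limited to a source range")
    elif proto in ("ICMP", "ICMPv6"):
        for key in ("icmp_type", "icmp_code"):
            v = rule.get(key)
            if v is not None and not 0 <= v <= 255:
                out.append(f"{key} must be 0-255, got {v}")
    return out

def check_ruleset(firewall_type, rules):
    """Map rule name -> findings; '(firewall)' holds the set-level finding."""
    report = {r.get("name", "?"): f for r in rules if (f := check_rule(r))}
    has_ingress = any(r.get("direction") == "Ingress" for r in rules)
    if firewall_type in ("Ingress", "Bidirectional") and not has_ingress:
        report["(firewall)"] = ["no Ingress rules: all incoming traffic is blocked"]
    return report

# Constructed sample rule set, not taken from a real data center.
SAMPLE = [
    {"name": "ssh-any", "direction": "Ingress", "protocol": "TCP", "port_start": 22, "port_end": 22},
    {"name": "https", "direction": "Ingress", "protocol": "TCP", "source_ip": "0.0.0.0/0", "port_start": 443, "port_end": 443},
    {"name": "bad-range", "direction": "Ingress", "protocol": "UDP", "source_ip": "203.0.113.0/24", "port_start": 600, "port_end": 53},
    {"name": "typo-cidr", "direction": "Egress", "protocol": "Any", "source_ip": "10.0.0.300/24"},
]
```

Calling `check_ruleset("Ingress", SAMPLE)` reports the three problem rules and leaves the `https` rule out; an empty rule list with an Ingress or Bidirectional firewall returns the set-level finding that matches the warning in the activation steps.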