ClusterCS offers the possibility to easily manage your Firewall rules directly from the Control Panel interface.
You can make changes to the rules by going to Server->Firewall:
Now you should see the Default rules that ClusterCS created. They are the minimum required for the server and web services to communicate, in order to keep your server secured.
You can add your own rules by scrolling down. I will offer details about each option below:
The rule sampled above is made to allow SSH connections:
- Server: The server(s) on which you would like the firewall rule to be applied to
- Protocol: The protocol which is used (TCP is the most common)
- Source IP: The IP the requests come from. For example, to give access or block yourself only, enter your IP. If you want everyone to have access, leave it to any.
- Port spectrum: On which port do the requests come from. Usually the Source and Destination port is the same, however there are special situations in which they differ.
- State: The state of the incoming connection. ANY is the most used option.
- Destination IP: This is used mostly for servers that use multiple IPs on interfaces/subinterfaces. If you want to allow only connections coming to one IP, you can specify it here.
- Active: Set whether the rule is active or not when you Add it.
- Action: You can either block or allow connections that verify the rule you set here.
- Interface: You can limit the rule to apply only to connections coming on a certain interface. Leave empty if you don’t want this option.
- Description: Set a description which is visible in the Control Panel to know what you set the rule for.
After you click Add to add the rule to the Control Panel, you can either apply it or set another one before applying them to the firewall at once.
You will see a message, and the rules will be active in a couple of minutes.