A firewall is an internal network security tool used to protect your server from network threats. With its help, you can filter incoming and outgoing connections to and from your server.
By configuring your firewall a certain way, you can decide which connections are allowed into your machines and which aren’t. You can set rules for all types of connections. However, there are some differences in configuring your firewall on our Hosting machine compared to a Cloud one.
Let’s review the differences.
Hosting:
Our hosting servers have only one firewall that is internal and can be configured according to your needs. We do not limit any rules or ports from our end.
There are a few tools you can use to configure the firewall on your server: ufw, iptables or firewalld. As the easiest tool, we’ll look at ufw and how to use it.
ufw is not installed on your server by default, so the first step is to install it. Let’s do it the following way:
- sudo apt-get update && sudo apt-get upgrade
- sudo apt-get install ufw
Now, ufw is installed, and you can modify it according to your needs. Let’s look at some examples:
1. Setting default rules: you can either deny or allow incoming/outgoing connections. To do this, run sudo ufw default allow/deny incoming/outgoing. Here, we allowed both incoming and outgoing connections to our server.
2. Adding rules: you can add rules by either stating a port number or service name after the command allow/deny. For example, to allow incoming and outgoing connections to SSH/22 port, you would need to run sudo ufw allow ssh or sudo ufw allow 22. You can do the same to deny the connections via this port by writing deny instead of allow: sudo ufw deny ssh or sudo ufw deny 22.
3. If you’d like to set more specific rules, for example, allow or deny traffic from a specific IP or a combination of an IP and a port, you may perform the following command: sudo ufw allow/deny from [IP] to any port [port number] proto tcp/udp.
4. To remove a rule, simply run sudo ufw delete allow [port name/number].
This is all you need to configure the firewall on your Hosting server to your personal needs.
Cloud:
All our Cloud Virtual machines come with a pre-configured Firewall available to you in your Customer Portal at the tab Cloud – Networking – Firewall.
Our own Firewall works in tandem with the internal firewall you have on your server. This means the rules in both firewalls, ours and the internal one, should be configured the same way; otherwise, you can lose connection to your server because of the clash in the network configuration.
Since both firewalls work together, you cannot completely delete the Firewall attached to your machine in the Portal. If you do happen to delete it or detach it from a machine, the server will become completely unavailable over the network.
You may create multiple firewalls and attach them to your server. Here, you would still have to keep in mind the rule clashes that can happen due to the number of firewalls.
By default, you have 43 rules already configured from the start in the Firewall in Portal. You may change/edit/delete the rules according to your needs, keeping in mind that the rules inside your own firewall should be configured similarly.
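A port-level check for the mismatch described above, as an added example that is not part of the original article or of Gcore's tooling: it parses constructed `ufw status` output and compares it with a constructed set of Portal allow rules. The names `UFW_STATUS`, `PORTAL_ALLOWED`, `ufw_allowed` and `compare` are illustrative, and the Portal rule format is an assumption.

```python
import re

# Constructed sample of `sudo ufw status` output (not from a real server).
UFW_STATUS = """\
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
3306/tcp                   ALLOW       203.0.113.10
25/tcp                     DENY        Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
"""

# Assumption: inbound allow rules of the Portal firewall, written by hand as
# (port, protocol) pairs. The real Portal/API format is not shown on this page.
PORTAL_ALLOWED = {(22, "tcp"), (443, "tcp"), (3306, "tcp")}

ROW = re.compile(
    r"^(\d+)(?:/(tcp|udp))?\s+(\(v6\)\s+)?(ALLOW|DENY|REJECT|LIMIT)( IN| OUT)?\s+(.*\S)")

def ufw_allowed(status_text):
    """Return the (port, proto) pairs ufw lets in over IPv4; source IPs are ignored."""
    allowed = set()
    for line in status_text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # status line, table header, blank line, non-port rule
        port, proto, v6, action, direction, _source = m.groups()
        if v6 or action not in ("ALLOW", "LIMIT") or (direction or "").strip() == "OUT":
            continue  # IPv6 rows, blocking rules and outbound rules are skipped
        for p in ([proto] if proto else ["tcp", "udp"]):  # bare port = both
            allowed.add((int(port), p))
    return allowed

def compare(ufw_set, portal_set):
    """List ports that one firewall admits and the other silently drops."""
    return {
        "open_in_ufw_blocked_by_portal": sorted(ufw_set - portal_set),
        "open_in_portal_blocked_by_ufw": sorted(portal_set - ufw_set),
    }

if __name__ == "__main__":
    for kind, rules in compare(ufw_allowed(UFW_STATUS), PORTAL_ALLOWED).items():
        for port, proto in rules:
            print(f"{kind}: {port}/{proto}")
```

On a real server, replace `UFW_STATUS` with the text printed by `sudo ufw status` and fill `PORTAL_ALLOWED` from the rules shown in the Portal.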
The firewall rules are available for both IPv6 and IPv4. However, you still need to first enable the IPv6 rules before you can configure them.
Enable them by turning the IPv6 toggle on.
Keep in mind that currently, it is not possible to reverse any changes made to your Firewall with the help of any toggles in the Portal. If you misconfigured any rules, deleted the needed rules or deleted your firewall completely, you may use the following API request to reverse the changes and restore default settings: https://api.gcore.com/docs/cloud#tag/Firewalls/operation/SecurityGroupRestore.post