IBM Cloud Docs
Configuring the Hardware Firewall

Configuring your Hardware Firewall is as simple as creating a set of rules to allow access to certain IP addresses or ports from specific internet addresses while denying traffic from other sources.

Adding a firewall to a server

To add a firewall to a server, follow the steps in Getting Started. If you receive an error, see Known Limitations and Getting help and support.

Editing rules

When a firewall is first added to a server, a set of rules is initially put in place that allows all traffic to reach the server. The rules can then be edited to control the traffic that reaches the server.

Make sure the "status" indicates that the firewall is "Processing All Rules." If implemented rules have an unintended impact on your environment, you can bypass them by clicking Bypass Rules in the Actions menu.

  1. From your browser, open the IBM Cloud catalog and log in to your account.

  2. Select the Menu icon from the upper left, then click Infrastructure > Classic Infrastructure.

  3. From the devices list, click the firewall-protected device that you want to configure.

  4. In the Add-ons section, click Firewall details. You are redirected to the firewall page.

  5. The Firewall Details page shows the current rules in effect for IPv4 and IPv6 addresses. If no rules are implemented, a yellow status icon shows with a "Bypassing all rules" message next to the device name.

    Rules are displayed in the order in which they are processed, with lower numbered rules having precedence over higher numbered rules. For example, if rule one allows a packet through, the packet ignores rules two and beyond.

    The fields are:

    Priority - This field contains the rule number. Lower numbered rules have precedence over higher numbered rules.

    Action - This select list is used to 'permit' or 'deny' traffic that matches this rule.

    Source - This field can be either 'any' or a specific IP address or the network address for a specific subnet.

    Destination - This field selects the destination IP (see Known Limitations if any issues arise).

    CIDR - This field indicates the standard CIDR notation for the selected source/destination.

    Port Range - These two fields indicate the range of ports (between 1 and 65535) that the rule applies to.

    Protocol - This field selects the protocol that the rule applies to (TCP/GRE/ICMP/UDP/PPTP/AH/ESP).

    Notes - Freeform field to enter any note about this rule.

  6. Click the Actions menu icon at the end of the row of the firewall rule to edit or delete the rule. Click Add rule at the upper right of the table to add a rule. The rules are automatically validated as you enter them.

  7. Click the Save or Add button to save the rule and apply it to the firewall. The rule addition or update takes effect within two minutes.

The Delete action is disabled if the firewall includes only one rule.
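
The first-match ordering described in step 5, as an added example (not IBM's code or API): a small Python model of the rule fields that evaluates a packet against a ruleset and flags rules that can never fire because a lower-numbered rule already covers them. The class and function names, the IPv4-only and port-based handling, the sample addresses, and returning None when no rule matches are assumptions; the page does not state what the firewall does with unmatched traffic.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    priority: int
    action: str        # 'permit' or 'deny'
    source: str        # 'any' or a network in CIDR notation
    destination: str   # destination IP in CIDR notation
    port_start: int
    port_end: int
    protocol: str      # port-based protocols only (TCP/UDP) in this model

    def src_net(self):
        return ip_network("0.0.0.0/0" if self.source == "any" else self.source)

    def matches(self, src, dst, port, protocol):
        return (protocol == self.protocol
                and self.port_start <= port <= self.port_end
                and ip_address(src) in self.src_net()
                and ip_address(dst) in ip_network(self.destination))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return (self.protocol == other.protocol
                and self.port_start <= other.port_start
                and other.port_end <= self.port_end
                and other.src_net().subnet_of(self.src_net())
                and ip_network(other.destination).subnet_of(ip_network(self.destination)))

def evaluate(rules, src, dst, port, protocol):
    """First match wins: return (priority, action), or None if nothing matches."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(src, dst, port, protocol):
            return rule.priority, rule.action
    return None  # assumption: the page does not define unmatched-traffic behavior

def shadowed(rules):
    """(earlier, later) priority pairs where the later rule can never fire."""
    ordered = sorted(rules, key=lambda r: r.priority)
    return [(a.priority, b.priority)
            for i, a in enumerate(ordered) for b in ordered[i + 1:] if a.covers(b)]

# Constructed sample ruleset using documentation address ranges.
RULES = [
    Rule(1, "permit", "any", "203.0.113.10/32", 1, 65535, "TCP"),
    Rule(2, "deny", "198.51.100.0/24", "203.0.113.10/32", 22, 22, "TCP"),
    Rule(3, "permit", "any", "203.0.113.10/32", 53, 53, "UDP"),
]
```

In the sample ruleset the SSH deny at priority 2 never fires because the priority 1 permit covers it; giving the narrower deny the lower number restores the intended behavior.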

Common ports

Protocol Port
FTP 21
SSH 22
Telnet 23
SMTP 25
DNS 53
HTTP 80
POP3 110
IMAP 143
HTTPS 443
MSSQL 1433
MySQL 3306
Remote Desktop 3389
PostgreSQL 5432
VNC web 5800
VNC Client 5900
Urchin 9999 or 10000