You're all set up and making the finishing touches to your VM, it's time to harden security by configuring the VM's firewall.
OnApp provides a VM-level Firewall that will carry out rules set by you against external/internal traffic before passing the packet on to the VMs internal OS, here's how you define those rules.
- Select "Services - Flexible Resources" from the side bar
2. Select the Resource Pool you wish to work with
3. Click on the VM you'd like to edit
4. Under the "Network" tab, select "Firewall"
5. As default the Firewall will accept all traffic, if you'd like it to drop all traffic except for the "allowed rules" change this setting to "DROP"
6. Add your Firewall rules as required
The fields relate to:
- Interface - Which interface to apply the rule against
- Address - A specific IP to block or allow (Example - allow only your IP for SSH)
- Port - The port number of the service to allow/block
- Protocol - The protocol being used by that port/service
- Command - Accept or Drop the traffic
7. Once happy, hit "Submit" to add the rule
In the below example we have:
- Set the Firewall to DROP all traffic (Excluding rules)
- Set the Firewall to accept Port 22 (SSH) access only from a specific IP
- Set the Firewall to allow only port 443 (HTTPS) access externally
This is how a server should be secured!
If you'd like your server secured for you, we can provide this as a server, simply get in touch!