Key Features
- Stateful Inspection: Ubicloud firewalls remember the state of network connections (TCP/UDP) and can make decisions based on the connection state, which adds an extra layer of security. That said, if you add a rule that blocks a certain IP address, the existing connections would continue to stay alive until shutdown deliberately.
- Ingress Filtering: Firewalls in Ubicloud only allow inbound traffic based on explicitly defined rules. If no rules are specified, all inbound traffic is blocked except for communication within the private subnet. We currently do not support outbound rules.
- Simplified Management: Attach or detach one or more firewalls to your private subnet with ease, directly from the Ubicloud console.
Getting Started with Firewalls
Creating a Firewall
1
Navigate to Firewalls
On the dashboard, select the “Networking” option from the left menu. Then,
select the “Firewalls” tab.
2
Create a New Firewall
Click on the ”+ New Firewall” button. You will be prompted to enter details
such as the firewall’s name, description and the subnet you wish to attach.
After filling the details, click “Create”.
Configuring Firewall Rules
Specify Ingress Rules: Define which incoming traffic is allowed into your private subnet. You can specify rules based on IP addresses and port numbers. You can input a CIDR range and define the continuous port range to be allowed. After specifying CIDR and Port ranges, you simply hit “Create”. Some example CIDR and Port range usage can be like the following;Case | CIDR | Port Range |
---|---|---|
Allow all IP and port ranges | 0.0.0.0/0 | |
Allow all IP and port ranges | 0.0.0.0/0 | 0..65536 |
Allow a specific IP and ports between 80 and 90 | 123.123.123.123 | 80..90 |
Allow a subnet for a specific port | 1.1.1.0/24 | 22 |
Attaching a Firewall to a Private Subnet
1
Access Firewall Details
From the dashboard, select “Networking”, choose the “Firewall” tab. Select the
firewall you want to attach.
2
Attach to Subnet
Click on the “Select a Subnet” option, choose the private subnet and click
“Attach”. This action applies the firewall rules to all incoming traffic in
the subnet.