Here you can set up a simple iptables firewall directly from the web interface of the application. For security reasons, this configuration can be carried out only by the administrator with the Master admin status.

+ Add new IP address

You can add individual IP addresses or whole ranges (e.g. 192.168.123.0/24).
For each IP address, you can individually allow or forbid the following services: HTTP, HTTPS, SSH, SMTP, POP3, IMAP, FTP, MySQL, Syslog and PING.
You can change the status to allowed/forbidden by clicking on /.

In the last line (Global), you can modify the default settings for individual services. For example, it is possible to forbid SSH globally or allow it only from predefined IP addresses.

+ Add optional port

Furthermore, it is possible to allow or forbid a different port from the predefined ones. You may add up to 5 rules of your own in the firewall settings, which you can then allow or forbid. This option is useful especially when ssh uses a different port from the standard one and you want it to be protected by the firewall. 

If you want to edit a particular manually added rule (a column in the firewall), you have to click on a given column in the header and change the rule.

A rule can be removed by entering “0” into the port number field.

Activate

If you click on this button, the firewall settings will be updated within 5 minutes. If you do not click on it, no changes will be made to the FW and you can continue setting things up.

If there are no IP addresses in the firewall, the function will not be activated. This option makes it possible for you to disable the FW that is automatically set up by the system and set up an individual FW at the level of the operating system.

You define rules according to your own requirements. At the very least, the following three public IP addresses should be allowed for technical support purposes:

• 95.173.194.62 (Our office)
• 95.173.193.40 (VPN server)
• 95.173.193.60 (Main server)

More about system security here.