ClearOS Documentation


Custom Firewall

Though most administrators will be able to accomplish all their firewall needs using the standard ClearOS web interface, it may be necessary to add custom firewall rules in some scenarios. The Custom Firewall Tool provides a way to create advanced firewall rules. Please use with caution!

Installation

If you did not select this module to be included during the installation process, you must first install the module.

You can find this feature in the menu system at the following location:

Network|Firewall|Custom

Configuration

An invalid custom rule can block remote access to webconfig.


Examples

Limit SSH/Webconfig Access to Specific IP Addresses

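The following entries restrict remote SSH (port 22) and Webconfig (port 81) access to specific IP addresses that you define (e.g. allow remote login from office, home, datacenter, etc.). Because each -I rule is inserted at the top of the INPUT chain, the ACCEPT rules entered after the DROP rule end up above it and are matched first.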

# Deny all SSH connections
iptables -I INPUT -p tcp --dport 22 -j DROP
# Allow connections from address xyz
iptables -I INPUT -p tcp --source 1.2.3.4 --dport 22 -j ACCEPT
iptables -I INPUT -p tcp --source 5.6.7.8 --dport 22 -j ACCEPT

# Deny all webconfig connections
iptables -I INPUT -p tcp --dport 81 -j DROP
# Allow connections from address xyz
iptables -I INPUT -p tcp --source 1.2.3.4 --dport 81 -j ACCEPT
iptables -I INPUT -p tcp --source 5.6.7.8 --dport 81 -j ACCEPT
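
A way to check a rule set for lockout before entering it, added here as an example and not part of the ClearOS documentation or tooling: the hypothetical verdict function below models how -I and -A stack rules and reports which rule a given source and port hits first. It assumes only the rule shape used on this page (single source IP, --dport, ACCEPT or DROP) and does not see rules already loaded on the system.

```shell
#!/usr/bin/env bash
# Added example: model first-match evaluation of the page's custom rules.
# RULES is a constructed sample: the port-81 rules in the order the page lists them.
RULES='# Deny all webconfig connections
iptables -I INPUT -p tcp --dport 81 -j DROP
# Allow connections from address xyz
iptables -I INPUT -p tcp --source 1.2.3.4 --dport 81 -j ACCEPT
iptables -I INPUT -p tcp --source 5.6.7.8 --dport 81 -j ACCEPT'

# verdict RULES SRC_IP DPORT -> prints ACCEPT, DROP, or NOMATCH
# (NOMATCH means none of these rules applies; other rules or the chain policy decide)
verdict() {
  printf '%s\n' "$1" | awk -v src="$2" -v port="$3" '
    $1 != "iptables" { next }                 # skip comments and blank lines
    {
      op = ""; s = "any"; p = "any"; t = ""
      for (i = 2; i <= NF; i++) {
        if ($i == "-I" || $i == "-A") op = $i
        else if ($i == "--source" || $i == "-s") s = $(i + 1)
        else if ($i == "--dport") p = $(i + 1)
        else if ($i == "-j") t = $(i + 1)
      }
      if (op == "" || t == "") next
      rule = s " " p " " t
      n++
      if (op == "-I") {                       # -I without an index inserts at the head
        for (k = n; k > 1; k--) chain[k] = chain[k - 1]
        chain[1] = rule
      } else chain[n] = rule                  # -A appends to the tail
    }
    END {
      for (k = 1; k <= n; k++) {              # the first matching rule decides
        split(chain[k], f, " ")
        if ((f[1] == "any" || f[1] == src) && (f[2] == "any" || f[2] == port)) {
          print f[3]; exit
        }
      }
      print "NOMATCH"
    }'
}

verdict "$RULES" 1.2.3.4 81    # listed management address
verdict "$RULES" 9.9.9.9 81    # unlisted address
```

Running the same check with your own management address before saving a rule shows whether the address would still reach Webconfig; replacing -I with -A in the sample puts the DROP first and locks out even the listed addresses.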

More Examples

You can find more examples here.

content/en_us/6_custom_firewall.txt · Last modified: 2015/03/02 15:10 (external edit)
