ClearOS Documentation

×

Warning

301 error for file:https://clearos.com/dokuwiki2/lib/exe/css.php?t=dokuwiki&tseed=82873f9c9a1f5784b951644363f20ef8

User Tools

Site Tools


Incoming Firewall

The Incoming Firewall app is used for two primary purposes:

  • To allow external (Internet) connections to your ClearOS system
  • To permanently block a particular IP address or entire networks from accessing your system

Installation

If your system does not have this app available, you can install it via the Marketplace.

You can find this feature in the menu system at the following location:

Network|Firewall|Incoming Firewall

Configuration

Incoming Connections

When the firewall is enabled on your ClearOS system, the default behavior is to block all external (Internet) traffic. If you plan on running services on your ClearOS system that can be accessible from the Internet, then you will need to add the firewall policy to do so. For example, the OpenVPN server requires UDP port 1194 to be open on the firewall.

You can also open up ports to allow for remote management of your ClearOS system. For example, you can open up TCP port 81 to give access to the web-based administration tool (webconfig).

There are three ways to add an incoming firewall rule:

  • Select a standard service in the Standard Services form.
  • Input a protocol and single port number in the Port form.
  • Input a protocol and multiple consecutive ports in a port range in the Port Range form.

Unlike some other firewall systems you do not need to open a port on the incoming page if you are forwarding the port to an internal server on your network.

Block External Hosts

In some circumstances, you may want to block particularly annoying systems from ever connecting to your ClearOS system. For example, you may notice a lot of network traffic from a virus infested remote network. You can block this traffic by specifying an IP or network in the Block External Hosts tool.

content/en_us/6_incoming_firewall.txt · Last modified: 2015/03/02 22:43 (external edit)