Firewalls can be used to implement access control on simple application servers and define security domains in the cloud. This topic describes the port information preset by the firewall feature and how to add firewall rules for a simple application server.

Background information

By default, the firewall of each simple application server allows traffic over Secure Shell (SSH) Port 22, HTTP Port 80, and HTTPS Port 443 and denies traffic on all other ports. You can add firewall rules to allow traffic over more ports.

If the port and protocol of a new rule are the same as the port and protocol of an existing enabled or disabled rule, the new rule overwrites the existing rule.

Add a firewall rule

  1. Log on to the Simple Application Server console.
  2. In the left-side navigation pane, click Servers.
  3. Find the simple application server for which you want to add a firewall rule, and click the card of the server.
  4. In the left-side navigation pane, choose Security > Firewall.
    If you have never added firewall rules for the server, the Firewall page lists only Ports 22, 80, and 443, over which traffic is allowed by default.
  5. On the Firewall page, click Add Rules in the upper-right corner.
  6. In the Add Firewall Rule dialog box, configure parameters such as Application Type, Protocol, and Port Range and click OK.
    The following table describes the parameters.
    Parameter Description
    Application Type
    You can select Customize from the Application Type drop-down list to customize a firewall rule, or select another value from the drop-down list to use a preset firewall rule.
    • If you use preset firewall rules, the protocols and port ranges are automatically populated. For more information about preset firewall rules, see Port information preset in firewalls.
    • If you want to customize one or more firewall rules, you must manually specify the protocols and port ranges.
    Protocol
    • If you select a preset firewall rule, a protocol is automatically populated.
    • If you customize a firewall rule, you must manually specify this parameter. Valid values: TCP and UDP.
    Port Range
    • If you select a preset firewall rule, a port range is automatically populated.
    • If you customize a firewall rule, you must manually specify this parameter. Valid values: 1 to 65535. You can use one of the following methods to set this parameter:
      • Specify a single port. For example, to allow traffic over Oracle listener Port 1521, enter 1521 in the Port Range field.
      • Specify a port number range. For example, to allow traffic over the port range 20000 to 30000 that you specify in the FTP configuration file, enter 20000/30000 in the Port Range field.
    IP Source to be Used
    You can enter a single IPv4 address. You can also enter a CIDR block to specify an IPv4 address range. The default value is 0.0.0.0/0, which indicates all IPv4 addresses.
    Remark
    Enter a description for the firewall rule to facilitate subsequent management.
    You can click +Add Rules to add more rules.
    After you add firewall rules, you can view the added rules on the Firewall page, as shown in the following figure.
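
The following added example (not part of the original documentation or the console) checks a planned set of rules before you enter them: it parses the Port Range syntax described above, applies the overwrite behavior for rules with the same port and protocol, and reports rules left at the default source 0.0.0.0/0. The rule dictionary layout, the function names, and the policy of reporting non-default ports that are open to all IPv4 addresses are assumptions of this example.

```python
import ipaddress

# Ports the page lists as allowed by default: SSH 22, HTTP 80, HTTPS 443.
DEFAULT_OPEN = {("TCP", 22), ("TCP", 80), ("TCP", 443)}

def parse_port_range(text):
    """Parse the Port Range field: a single port ('1521') or 'low/high'."""
    parts = text.strip().split("/")
    if len(parts) not in (1, 2) or not all(p.isdigit() for p in parts):
        raise ValueError(f"bad port range: {text!r}")
    lo, hi = int(parts[0]), int(parts[-1])
    if not (1 <= lo <= hi <= 65535):
        raise ValueError(f"port range outside 1-65535 or reversed: {text!r}")
    return lo, hi

def normalize(rule):
    """Validate one planned rule; a missing source means 0.0.0.0/0 (all IPv4)."""
    proto = rule["protocol"].upper()
    if proto not in ("TCP", "UDP"):
        raise ValueError(f"protocol must be TCP or UDP: {proto!r}")
    src = ipaddress.IPv4Network(rule.get("source", "0.0.0.0/0"), strict=False)
    return proto, parse_port_range(rule["port_range"]), src

def review(rules):
    """Apply the overwrite behavior, then report rules open to all IPv4."""
    effective, findings = {}, []
    for rule in rules:
        proto, ports, src = normalize(rule)
        if (proto, ports) in effective:
            findings.append(f"{proto} {ports[0]}-{ports[1]}: overwrites an earlier rule")
        effective[(proto, ports)] = src  # same port and protocol: last rule wins
    for (proto, (lo, hi)), src in effective.items():
        # Assumed review policy: only the three default ports may stay open to all.
        is_default = lo == hi and (proto, lo) in DEFAULT_OPEN
        if src.prefixlen == 0 and not is_default:
            findings.append(f"{proto} {lo}-{hi}: open to 0.0.0.0/0")
    return effective, findings

# Constructed sample plan (documentation address ranges), not from a real server.
PLAN = [
    {"protocol": "tcp", "port_range": "1521"},
    {"protocol": "tcp", "port_range": "20000/30000", "source": "203.0.113.0/24"},
    {"protocol": "tcp", "port_range": "1521", "source": "198.51.100.7"},
    {"protocol": "tcp", "port_range": "3306"},
]

if __name__ == "__main__":
    for finding in review(PLAN)[1]:
        print(finding)
```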

Enable and disable ports

If you want to temporarily open or close a port, perform the following operations to enable or disable the port. This eliminates the need to re-create a rule when you want to open the port again.

  1. Log on to the Simple Application Server console.
  2. Find the simple application server whose port you want to disable, and click the card of the server.
  3. In the left-side navigation pane, choose Security > Firewall.
  4. In the Actions column corresponding to the port that you want to disable, click Disable.
  5. In the Disable dialog box, verify the port information and enter information in the Remark field as needed. Click OK.
    Note: If a firewall rule is disabled, the firewall port is also disabled, and the IP Source to be Used parameter is automatically set to 0.0.0.0/0 and cannot be modified.
    If you want to re-enable the port, click Enable in the Actions column corresponding to the port.

Port information preset in firewalls

| Application type | Protocol | Port range | Description |
| --- | --- | --- | --- |
| HTTP | TCP | 80 | The default HTTP port. |
| HTTPS | TCP | 443 | The default HTTPS port. |
| SSH | TCP | 22 | The default SSH port. |
| FTP | TCP | 21 | The default FTP port. |
| TELNET | TCP | 23 | The default Telnet port. |
| MySQL | TCP | 3306 | The default MySQL port. |
| All TCP | TCP | 1~65535 | All TCP ports. |
| All UDP | UDP | 1~65535 | All UDP ports. |
| All TCP and UDP | TCP+UDP | 1~65535 | All TCP and UDP ports. |
| Custom | TCP or UDP | 1~65535 | The custom port range. |