Firewalls serve to control network access to simple application servers and isolate security domains in the cloud. This topic describes how to add firewall rules for a simple application server. This topic also describes the port information preset in firewalls.

Background information

By default, Secure Shell (SSH) port 22, HTTP port 80, and HTTPS port 443 are enabled for simple application servers. Other ports are disabled. You can add firewall rules to enable more ports.

If the port and protocol of a new rule are the same as the port and protocol of an existing enabled or disabled rule, the new rule overwrites the existing rule.

If you want to temporarily close a port, disable the corresponding rule. This way, you do not need to create a new firewall rule when you want to open the port again.

Limits

  • You can create a maximum of 50 firewall rules for each simple application server.
  • Port 25 on simple application servers cannot be used to send emails to external resources. To send emails, use port 465.

Add a firewall rule

Warning: When you add a firewall rule, configure the port range and IP addresses that are allowed to access the server as needed to prevent network attacks.
  1. Log on to the Simple Application Server console.
  2. In the left-side navigation pane, click Servers.
  3. Find the simple application server for which you want to add a firewall rule, and click the card of the server.
  4. In the left-side navigation pane, choose Security > Firewall.
    If you have never added firewall rules for the server, the Firewall page lists only ports 22, 80, and 443, over which traffic is allowed by default.
  5. On the Firewall page, click Add Rules in the upper-right corner.
  6. In the Add Firewall Rule dialog box, configure parameters such as Application Type, Protocol, and Port Range and click OK.
    The following table describes the parameters.
    Parameter | Description
    Application Type
    You can select Customize from the Application Type drop-down list to customize a firewall rule, or select another value from the drop-down list to use a preset firewall rule.
    • If you use preset firewall rules, the protocols and port ranges are automatically populated. For more information about preset firewall rules, see Port information preset in firewalls.
    • If you want to customize one or more firewall rules, you must manually specify the protocols and port ranges.
    Protocol
    • If you select a preset firewall rule, a protocol is automatically populated.
    • If you customize a firewall rule, you must manually specify this parameter. Valid values: TCP and UDP.
    Port Range
    • If you select a preset firewall rule, a port range is automatically populated.
    • If you customize a firewall rule, you must manually specify this parameter. Valid values: 1 to 65535. You can use one of the following methods to set this parameter:
      • Specify a single port. For example, to allow traffic over Oracle listener Port 1521, enter 1521 in the Port Range field.
      • Specify a port number range. For example, to allow traffic over the port range 20000 to 30000 that you specify in the FTP configuration file, enter 20000/30000 in the Port Range field.
    IP Source to be Used
    You can enter a single IPv4 address. You can also enter a CIDR block to specify an IPv4 address range. The default value is 0.0.0.0/0, which indicates all IPv4 addresses.
    Remark
    Enter a description for the firewall rule to facilitate subsequent management.
    You can click Add Rules to add more rules.
    After you add firewall rules, you can view the added rules on the Firewall page, as shown in the following figure.

Enable and disable ports

If you want to temporarily open or close a port, perform the following operations to enable or disable the port. This eliminates the need to re-create a rule when you want to open the port again.

  1. Log on to the Simple Application Server console.
  2. Find the simple application server whose port you want to disable, and click the card of the server.
  3. In the left-side navigation pane, choose Security > Firewall.
  4. In the Actions column corresponding to the port that you want to disable, click Disable.
  5. In the Disable dialog box, verify the port information and enter information in the Remark field as needed. Click OK.
    Note: If a firewall rule is disabled, the firewall port is also disabled, and the IP Source to be Used parameter is automatically set to 0.0.0.0/0 and cannot be modified.
    If you want to re-enable the port, click Enable in the Actions column corresponding to the port.

Port information preset in firewalls

| Application type | Protocol | Port range | Description |
| --- | --- | --- | --- |
| HTTP | TCP | 80 | The default HTTP port. |
| HTTPS | TCP | 443 | The default HTTPS port. |
| SSH | TCP | 22 | The default SSH port. |
| FTP | TCP | 21 | The default FTP port. |
| TELNET | TCP | 23 | The default Telnet port. |
| MySQL | TCP | 3306 | The default MySQL port. |
| All TCP | TCP | 1~65535 | All TCP ports. |
| All UDP | UDP | 1~65535 | All UDP ports. |
| All TCP and UDP | TCP+UDP | 1~65535 | All TCP and UDP ports. |
| Custom | TCP or UDP | 1~65535 | The custom port range. |
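
The Warning under Add a firewall rule advises restricting the port range and IP source of each rule. The following added example (not part of the original documentation, and not a console or API client) models a rule list locally with the page's Port Range syntax, overwrite behavior and 50-rule limit, then flags enabled rules left at the default 0.0.0.0/0. The tuple layout, the set of preset ports treated as sensitive and the 1000-port threshold are assumptions.

```python
import ipaddress

MAX_RULES = 50  # per-server rule limit stated on this page
# Assumption: preset ports treated here as sensitive (remote admin, database, cleartext).
SENSITIVE = {21: "FTP", 22: "SSH", 23: "TELNET", 3306: "MySQL"}
WIDE_SPAN = 1000  # assumption: flag open ranges wider than this many ports

def parse_port_range(text):
    """Parse '1521' or '20000/30000' (Port Range field syntax) into (low, high)."""
    low, _, high = text.partition("/")
    low, high = int(low), int(high or low)
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"invalid port range: {text!r}")
    return low, high

def build_table(rules):
    """Same protocol and port overwrites the earlier rule; at most 50 rules."""
    table = {}
    for proto, ports, source, enabled in rules:
        if proto not in ("TCP", "UDP"):
            raise ValueError(f"invalid protocol: {proto!r}")
        # Accepts a single IPv4 address or a CIDR block; rejects anything else.
        net = ipaddress.IPv4Network(source, strict=False)
        table[(proto, parse_port_range(ports))] = (net, enabled)
    if len(table) > MAX_RULES:
        raise ValueError("more than 50 firewall rules")
    return table

def audit(table):
    """Return (protocol, low, high, reason) for enabled rules open to 0.0.0.0/0."""
    findings = []
    for (proto, (low, high)), (net, enabled) in sorted(table.items()):
        if not enabled or net.prefixlen != 0:
            continue  # disabled, or already restricted to a source range
        names = [n for p, n in SENSITIVE.items() if proto == "TCP" and low <= p <= high]
        if names:
            findings.append((proto, low, high, "exposes " + ", ".join(names)))
        elif high - low + 1 > WIDE_SPAN:
            findings.append((proto, low, high, f"{high - low + 1} ports open"))
    return findings

RULES = [  # constructed sample: (protocol, port range, IP source, enabled)
    ("TCP", "22", "0.0.0.0/0", True),
    ("TCP", "22", "203.0.113.0/24", True),   # same protocol and port: overwrites
    ("TCP", "443", "0.0.0.0/0", True),
    ("TCP", "3306", "0.0.0.0/0", True),
    ("TCP", "23", "0.0.0.0/0", False),       # disabled rule
    ("TCP", "20000/30000", "0.0.0.0/0", True),
]
print(audit(build_table(RULES)))
```

In the sample, SSH is not flagged because the second rule for TCP port 22 replaced the open one, and Telnet is not flagged because its rule is disabled.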