Firewall templates in Simple Application Server allow you to manage a collection of firewall rules. You can use a template to efficiently apply a consistent set of rules to one or more servers at once. This topic describes how to create, modify, delete, and apply firewall templates.
Limits
You can create a maximum of 50 firewall templates in a region.
You can add a maximum of 50 firewall rules to a firewall template.
You can apply a maximum of 50 firewall rules to a simple application server.
You can apply a firewall template to a maximum of 10 simple application servers at a time.
Create a firewall template
Go to the Firewall Templates page in the Simple Application Server console.
On the Firewall Templates tab, click Create Template.
Follow the on-screen instructions to configure the parameters. The following table describes the parameters.
Parameter
Description
Name
The name of the firewall template.
Description
Enter a description for the template to help you identify it later.
Firewall rule
Application Type
The application type. Select an application type based on your business requirements.
Protocol
The protocol. Valid values: TCP, UDP, and ICMP.
NoteIf you select the ICMP protocol, you must set the Port Range to -1/-1 (all ports) and the Source IP Address to 0.0.0.0/0 (all IPv4 addresses).
Port Range
The port range. Valid range: 1 to 65535. You can use one of the following methods to configure this parameter:
Specify a single port.
Enter the port number that you want to enable. For example, if you want to allow traffic on MySQL listening port 3306, enter
3306in the Port Range field.Specify a port range.
Use a forward slash (/) to separate the start port number and the end port number. For example, if you want to allow traffic over the port range 20000 to 30000 that you specify in the FTP configuration file, enter
20000/30000in the Port Range field.
Source IP Address
The source IP addresses. The default value is 0.0.0.0/0, which specifies all IPv4 addresses.
ImportantConfigure IP addresses based on your requirements and follow the principle of least privilege to prevent network attacks on your server.
Policy
The policy of the firewall rule. This parameter is automatically set to Allow and cannot be changed.
Remarks
Enter remarks for the firewall rule.
If you want to add multiple firewall rules to the firewall template, click Add Rule.
The system provides common ports. You can click One-click Enable to enable common ports based on your business requirements.
NoteYou can add a maximum of 50 firewall rules to a firewall template.
Click Create Template.
NoteAfter you click When you use One-click Enable, an empty rule is automatically added. You must delete this empty rule before you can create the template; otherwise, the Create Template button will be disabled.
After you create a firewall template, you can use the firewall template to configure firewalls for simple application servers. For more information, see the "Configure firewall rules based on a firewall template" section of this topic.
Modify a firewall template
After you create a firewall template, you can add firewall rules to the firewall template, modify firewall rules in the firewall template, or delete firewall rules from the firewall template based on your business requirements. You can also apply firewall rules to simple application servers based on the firewall template.
Changes to a firewall template (adding, modifying, or removing rules) do not affect servers where the template has already been applied.
Go to the Firewall Templates page in the Simple Application Server console.
On the Firewall Templates tab, click the ID of the firewall template that you want to modify.
On the Rule List tab, add, modify, or delete firewall rules based on your business requirements.
Add a firewall rule
Click Add Rule.
In the lower-left corner of the Add Rule panel, click Add Rule or One-click Enable.
Configure the firewall rule based on your business requirements. For more information about firewall rule parameters, see the "Create a firewall template" section of this topic.
Click Confirm.
Modify a firewall rule
Find the firewall rule that you want to modify. Click Modify Rule in the Actions column.
In the Modify Rule dialog box, modify the source IP address, protocol, port range, and remarks of the firewall rule based on your business requirements.
Click Confirm.
In the Modify Rule message, The rule is modified is displayed. Click Close.
Delete a firewall rule
Find the firewall rule that you want to delete. Click Delete in the Actions column.
You can also select the firewall rules that you want to delete and click Batch Delete in the lower-left corner of the rule list.
In the Delete message, click Confirm.
In the Delete message, you can see x rules deleted. Click Close.
Configure firewall rules based on a firewall template
You can use a firewall template to configure firewall rules for one or more simple application servers. This improves your efficiency of configuring firewall rules.
When you apply a template, if a rule in the template conflicts with an existing rule on the server (meaning they have the same protocol, port range, and source IP), the template's rule will overwrite the server's existing rule.
Apply a template to a single server
Go to the Servers page in the Simple Application Server console.
Find the server you want to configure and click its ID.
Click the Firewall tab.
In the upper-left corner of the Firewall tab, click Apply Firewall Template.
In the Apply Firewall Template dialog box, select the firewall template that you want to apply and click Apply Template.
In the Apply Firewall Template dialog box, click View Execution Details.
You are directed to the Template Utilization History tab of the Firewall Templates page. On this tab, you can view details about the firewall template.
Apply a template to multiple servers
Go to the Firewall Templates page in the Simple Application Server console.
On the Firewall Templates tab, find the template you want to apply and click Apply in the Actions column.
In the Apply dialog box, select the servers to which you want to apply the template.
NoteYou can select a maximum of 10 simple application servers at a time.
Click OK.
In the Apply dialog box, click View Execution Details to check the application result.
You can also view the application details of the firewall template on the Template Utilization History tab of the Firewall Templates page. For more information, see the "View the application history of a firewall template" section of this topic.
View the application history of a firewall template
Even if a firewall template is deleted, you can still view its application history.
Go to the Firewall Templates page in the Simple Application Server console.
On the Firewall Templates page, click the Template Utilization History tab.
The history list shows the template ID and name, the servers it was applied to, the task status, and the creation time.
View the application details of the firewall template.
In the firewall template application history list, find the firewall template and click View Details in the Actions column.
In the Execution Details panel, you can view the result of the task and the specific rules that were applied.
Delete a firewall template
Deleting a firewall template does not affect the rules on servers where the template has already been applied. You can safely delete templates that are no longer in use.
Go to the Firewall Templates page in the Simple Application Server console.
On the Firewall Templates tab, find the firewall template that you want to delete and click Delete in the Actions column.
In the Delete message, click Confirm.
References
You can also configure firewall rules on the Firewall tab of a simple application server. For more information, see Manage the firewall of a simple application server.