Last updated on: 2019-01-24
Authored by: Rackspace Community
This article provides an overview of firewalls. To understand what a firewall is, you first need to understand what the Internet is.
The Internet is a web-like network of computers. Some computers (like your laptop) specialize primarily in client-side tasks. Others (like a Rackspace cloud server) specialize primarily in server-side tasks. Some highly specialized computers only route communications between other computers. These computers are called routers and switches.
Computers communicate by sending data in packets. These packets come in a variety of sizes and “shapes”, depending on the protocols that they follow. A packet might contain all of the following information:
The purpose of a firewall is to block unwanted and possibly malicious packets. A typical firewall performs this task by looking at the first six pieces of information in the preceding list, while more sophisticated firewalls and traffic analyzers employ more advanced techniques.
When you set up a firewall on your cloud server, you need to poke a few holes in it so that you can receive communications from essential services.
First, you need to identify which communications are coming from and going to those services. You can find this information by looking at the following common port numbers:
| Port (IP protocol) | Service/Protocol |
|---|---|
| 21 (Transmission Control Protocol (TCP)) | File Transfer Protocol (FTP) |
| 22 (TCP and User Datagram Protocol (UDP)) | Secure Shell and Secure File Transfer Protocol (SSH/SFTP) |
| 25 and 587 | Simple Mail Transfer Protocol (SMTP) |
| 53 (TCP/UDP) | Domain Name System (DNS) |
| 80 (TCP/UDP) | Hypertext Transfer Protocol (HTTP) |
| 110 (TCP) | Post Office Protocol (POP3) |
| 143 (TCP/UDP) | Internet Message Access Protocol (IMAP) |
| 389 (TCP/UDP) | Lightweight Directory Access Protocol (LDAP) |
| 443 (TCP/UDP) | Secure HTTP (HTTPS) |
| 465 (TCP) | Simple Mail Transfer Protocol Secure (SMTPS) |
| 636 (TCP/UDP) | Secure LDAP (LDAPS) |
| 5900 (TCP/UDP) | Virtual Network Computing (VNC) |
| 6660-6669 (TCP) | Internet Relay Chat (IRC) |
| 8080 (TCP) | Apache® Tomcat® |
Port numbers enable you to poke holes in your firewall for the services that you want to open to the world. There are many additional port numbers.
It is important to use whitelists, which are lists of the services that you allow while denying everything else.
For example, if you want to open up access to your web server and nothing else, your rule list might look like the following example:
If you also want to allow Secure Shell (SSH) access, but only from one specific IP address, your list might look like the following example:
ALLOW: DestPort=22 && SrcIP=188.8.131.52
The line that says DENY: ALL is perhaps the most important line in your firewall rules because it blocks everything that you do not specifically allow. You should usually place this line at the bottom.
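The rule lists above, worked through as an added example that is not part of the Rackspace article: a small first-match evaluator for rules written in the article's ALLOW/DENY notation, which shows why DENY: ALL must be the last line (the web ports, the SSH rule and the 188.8.131.52 address are the page's; the packet addresses and the evaluator itself are constructed for this illustration).

```python
from dataclasses import dataclass

# Constructed model of first-match firewall evaluation, in the article's
# rule notation (e.g. "ALLOW: DestPort=22 && SrcIP=188.8.131.52").
# Real filters (iptables, nftables, cloud security groups) apply the same
# first-match logic; this is a model of that logic, not a packet filter.

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_port: int

def parse_rule(line):
    """Return (action, conditions) for one rule line; 'ALL' means no conditions."""
    action, _, expr = line.partition(":")
    action = action.strip().upper()
    if action not in ("ALLOW", "DENY"):
        raise ValueError(f"unknown action in rule: {line!r}")
    conds = {}
    if expr.strip().upper() != "ALL":
        for term in expr.split("&&"):
            key, _, value = term.strip().partition("=")
            conds[key.strip()] = value.strip()
    return action, conds

def matches(conds, pkt):
    """A rule matches only when every one of its conditions holds."""
    for key, value in conds.items():
        if key == "DestPort" and pkt.dst_port != int(value):
            return False
        if key == "SrcIP" and pkt.src_ip != value:
            return False
        if key not in ("DestPort", "SrcIP"):
            raise ValueError(f"unsupported field: {key}")
    return True

def evaluate(rules, pkt, default="DENY"):
    """First matching rule wins; fall back to a deny default if nothing matches."""
    for line in rules:
        action, conds = parse_rule(line)
        if matches(conds, pkt):
            return action
    return default

# Whitelist: web from anywhere, SSH from one admin address, then deny all.
RULES = ["ALLOW: DestPort=80", "ALLOW: DestPort=443",
         "ALLOW: DestPort=22 && SrcIP=188.8.131.52", "DENY: ALL"]
# Same rules with DENY: ALL moved to the top: nothing ever gets through.
MISORDERED = ["DENY: ALL"] + RULES[:-1]
```

Running evaluate(RULES, Packet("203.0.113.9", 22)) returns DENY while the same packet from 188.8.131.52 returns ALLOW; every packet evaluated against MISORDERED returns DENY.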
You might also find the following resources helpful:
©2020 Rackspace US, Inc.
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License