Creating a New Firewall rule to block an Ip address or a network

There are six default chains in which firewall rules are configured: three for IPv4 and three for IPv6.
These chains are INPUT, OUTPUT and FORWARD, handling incoming, outgoing and forwarded packets respectively. Additional user-defined chains can be created if required, and a default policy can be set for each chain.

Configuration via WebUI

1. Log in as admin, go to Security and select Firewall.
2. Select the chain you want, IPv4 or IPv6. For IPv4, select the INPUT chain.
3. To add a new rule, press Add.
4. Select the target, which in this case is DROP.
5. Enter the IP address or network you want to block in Source IP/Mask.
6. Select the input and output interfaces. Here we select any for both.
7. Scroll down to the log option and select the log level for the iptables log entries generated by this rule.
One can select debug so that matches are only recorded for information.
8. Click Save.


Configuration via CLI

1. Log in as admin to the CLI (telnet/ssh/console).
2. Select the chain you want to apply the rule to.

By default, there are six chains available.
- IPv4 - Input, Output, Forward
- IPv6 - Input, Output, Forward

To select a particular chain, change to its directory:
cd /settings/ipv4_firewall/chains/INPUT/
cd /settings/ipv4_firewall/chains/OUTPUT/
cd /settings/ipv4_firewall/chains/FORWARD/

Type add to create a new rule.
add
Use the set command to configure the new rule's settings. Press Tab twice to see all available options.
set target=DROP source_net4=<ip address or network>
save

Use the show command to see the current values for the rule.
show

[admin@nodegrid ]  #  cd settings/ipv4_firewall/chains/INPUT/
[admin@nodegrid ]  #  add
[admin@nodegrid ]  #  set target=DROP
[admin@nodegrid ]  #  set source_net4=172.16.0.0/16
[admin@nodegrid ]  #  set input_interface=any
[admin@nodegrid ]  #  set output_interface=any
[admin@nodegrid ]  #  set log_level=debug
[admin@nodegrid ]  #  commit

The current IPv4 rules, as applied by iptables, can be seen with the command:
shell sudo /usr/sbin/iptables -L -nvx
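After saving the rule, a practitioner typically wants to confirm that the DROP rule really landed in the expected chain and that its packet counter increases when traffic from the blocked network arrives. The following POSIX shell script is an added example, not part of the original article or of Nodegrid's own tooling: it parses the column layout of `iptables -L -nvx` output and reports whether a rule with a given target and source exists in a given chain, plus its packet counter. The listing in SAMPLE_RULES is a constructed sample that mirrors the 172.16.0.0/16 DROP rule created in the CLI session above; on a live system you would pipe the output of `shell sudo /usr/sbin/iptables -L -nvx` into these functions instead.

```shell
#!/bin/sh
# Constructed sample of `iptables -L -nvx` output (not captured from a real
# Nodegrid). Column order in this format is:
#   pkts bytes target prot opt in out source destination [extra]
SAMPLE_RULES=$(cat <<'EOF'
Chain INPUT (policy ACCEPT 12345 packets, 6789012 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      42     2520 LOG        all  --  *      *       172.16.0.0/16        0.0.0.0/0            LOG flags 0 level 7
      42     2520 DROP       all  --  *      *       172.16.0.0/16        0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 987 packets, 123456 bytes)
    pkts      bytes target     prot opt in     out     source               destination
EOF
)

# rule_present CHAIN TARGET SOURCE
# Reads `iptables -L -nvx` output on stdin. Returns 0 if CHAIN contains a
# rule whose target column is TARGET and whose source column is SOURCE,
# 1 otherwise. Header lines never match because their target column is
# the literal word "target".
rule_present() {
    awk -v chain="$1" -v target="$2" -v src="$3" '
        /^Chain / { in_chain = ($2 == chain); next }
        in_chain && $3 == target && $8 == src { found = 1 }
        END { exit found ? 0 : 1 }
    '
}

# rule_counters CHAIN TARGET SOURCE
# Same matching as rule_present, but prints the packet counter (pkts
# column) of the first matching rule. A counter that stays at 0 while
# the blocked network is known to be sending traffic means the rule is
# not matching what you expect (wrong chain, wrong source, or a rule
# earlier in the chain accepting the traffic first).
rule_counters() {
    awk -v chain="$1" -v target="$2" -v src="$3" '
        /^Chain / { in_chain = ($2 == chain); next }
        in_chain && $3 == target && $8 == src { print $1; exit }
    '
}

# Demonstration on the constructed sample.
if printf '%s\n' "$SAMPLE_RULES" | rule_present INPUT DROP 172.16.0.0/16; then
    hits=$(printf '%s\n' "$SAMPLE_RULES" | rule_counters INPUT DROP 172.16.0.0/16)
    echo "INPUT DROP rule for 172.16.0.0/16 present, packets matched so far: $hits"
else
    echo "INPUT DROP rule for 172.16.0.0/16 is missing from the INPUT chain"
fi
```

Because the script only reads the listing, it can be run repeatedly (for example from a monitoring job) without touching the firewall configuration; a rule that has disappeared after a reboot or whose counter never moves is an early sign that the change did not persist or is shadowed by an earlier rule.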
