On the Firewall management page you can perform the following operations:
This section describes how to choose a required mode and add new rules.
The Firewall module has two modes:
In the Active mode, you cannot change the active firewall configuration or apply individual rules on the fly, because immediately applying a misconfigured rule could expose your server to a security threat or cause network disruption. In this mode, you can only view the existing firewall configuration. To configure firewall rules, you need to switch the firewall to the Edit mode.
To switch to the Edit mode:
Click the Edit Firewall Configuration button on the Firewall management page.
To switch to the Active mode:
Click the Revert to the Active Configuration button.
To add a custom rule:
For incoming communications you can specify the destination ports on your server, the protocol used for this communication, and the IP address the communications come from (see steps 4 and 5).
For outgoing communications you can specify the destination ports, destination IP address, and the protocol used for the communication (see steps 4 and 5).
For transit communications going through the server, you can specify the destination ports and source / destination IP addresses (see steps 4 and 5).
After you have defined all required rules, click Activate to apply them to your system. A confirmation screen will open, from which you can preview the shell script generated to apply your rules (this might be of interest only to advanced users). Click Activate to apply the new configuration.
While applying the new configuration, the module checks the connection with the control panel. If there are connection problems, the Firewall module automatically reverts to the previous active configuration in 60 seconds. Thus, if you misconfigure your firewall in such a way that access to your control panel is blocked even for you, the wrong configuration is automatically discarded and you can still access your server.
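The safeguard described above is an apply, verify, revert sequence. The following shell function is an added example of that pattern, not the script the Firewall module generates; the name `activate_with_rollback` and its three hook arguments are assumptions, and only the 60-second default comes from the text.

```shell
#!/bin/sh
# Added example: apply a new firewall configuration, then keep it only if a
# connectivity check succeeds within a time window; otherwise roll back.
# Hook names are hypothetical. Each hook is a command or shell function:
#   APPLY  - loads the candidate rules
#   CHECK  - succeeds when the management interface is still reachable
#   REVERT - restores the previously active rules (saved before APPLY)
#
# Usage: activate_with_rollback APPLY CHECK REVERT [WINDOW_SEC] [INTERVAL_SEC]
# Returns: 0 = new configuration kept
#          1 = check never succeeded within the window, reverted
#          2 = APPLY itself failed, reverted
activate_with_rollback() {
    _apply=$1
    _check=$2
    _revert=$3
    _window=${4:-60}     # 60 seconds, as stated in the text
    _interval=${5:-5}    # assumed polling interval

    # A partially loaded ruleset is as risky as a wrong one: revert at once.
    if ! $_apply; then
        $_revert
        return 2
    fi

    _waited=0
    while [ "$_waited" -lt "$_window" ]; do
        if $_check; then
            return 0     # still reachable: keep the new rules
        fi
        sleep "$_interval"
        _waited=$((_waited + _interval))
    done

    # No successful check before the deadline: discard the new rules.
    $_revert
    return 1
}
```

On a Linux host the hooks could wrap `iptables-save` and `iptables-restore`, with the check made from outside the server so that it exercises the new inbound rules.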
Note: Until your configuration is activated, you can discard all the rules you configured. To do this, click the Revert to Active Configuration button.
Under FreeBSD, all currently established TCP connections will drop when the new configuration is activated!