Simple Application Server supports the firewall template feature that provides multiple firewall rules. You can use a template to add a set of firewall rules to one or more simple application servers at a time. This improves the efficiency of configuring firewall rules. This topic describes how to create, modify, and delete a firewall template, and use a firewall template to configure firewall rules for simple application servers.
Limits
You can create a maximum of 50 firewall templates in a region.
You can add a maximum of 50 firewall rules to a firewall template.
You can apply a maximum of 50 firewall rules to a simple application server.
You can apply a firewall template to a maximum of 10 simple application servers at a time.
Create a firewall template
Log on to the Simple Application Server console.
In the left-side navigation pane, click Firewall Templates.
On the Firewall Templates tab, click Create Template.
Follow the on-screen instructions to configure the parameters. The following table describes the parameters.
Parameter
Description
Name
The name of the firewall template.
Description
Enter a description for the firewall template to facilitate subsequent management.
Firewall rule
Application Type
The application type. Select an application type based on your business requirements.
Protocol
The protocol. Valid values: TCP, UDP, and ICMP.
NoteIf you set the Protocol parameter to ICMP, you must set the Port Range parameter to -1 to enable all ports, which is equivalent to setting the Source IP Address parameter to the default value 0.0.0.0/0. This way, access from all source IPv4 addresses is allowed.
Port Range
The port range. Valid range: 1 to 65535. You can use one of the following methods to configure this parameter:
Specify a single port.
Enter the port number that you want to enable. For example, if you want to allow traffic on MySQL listening port 3306, enter
3306
in the Port Range field.Specify a port range.
Use a forward slash (/) to separate the start port number and the end port number. For example, if you want to allow traffic over the port range 20000 to 30000 that you specify in the FTP configuration file, enter
20000/30000
in the Port Range field.
Source IP Address
The source IP addresses. The default value is 0.0.0.0/0, which specifies all IPv4 addresses.
ImportantConfigure IP addresses based on your requirements and follow the principle of least privilege to prevent network attacks on your server.
Policy
The policy of the firewall rule. This parameter is automatically set to Allow and cannot be changed.
Remarks
Enter remarks for the firewall rule.
If you want to add multiple firewall rules to the firewall template, click Add Rule.
The system provides common ports. You can click One-click Enable to enable common ports based on your business requirements.
NoteYou can add a maximum of 50 firewall rules to a firewall template.
Click Create Template.
NoteAfter you click One-click Enable, you must delete the empty firewall rule that is automatically displayed. Otherwise, the Create Template button is dimmed and cannot be used.
After you create a firewall template, you can use the firewall template to configure firewalls for simple application servers. For more information, see the "Configure firewall rules based on a firewall template" section of this topic.
Modify a firewall template
After you create a firewall template, you can add firewall rules to the firewall template, modify firewall rules in the firewall template, or delete firewall rules from the firewall template based on your business requirements. You can also apply firewall rules to simple application servers based on the firewall template.
Modifying rules in a firewall template, adding rules to a template, or removing rules from a template does not affect the simple application servers to which the template is applied.
Log on to the Simple Application Server console.
In the left-side navigation pane, click Firewall Templates.
On the Firewall Templates tab, click the ID of the firewall template that you want to modify.
On the Rule List tab, add, modify, or delete firewall rules based on your business requirements.
Add a firewall rule
Click Add Rule.
In the lower-left corner of the Add Rule panel, click Add Rule or One-click Enable.
Configure the firewall rule based on your business requirements. For more information about firewall rule parameters, see the "Create a firewall template" section of this topic.
Click Confirm.
Modify a firewall rule
Find the firewall rule that you want to modify. Click Modify Rule in the Actions column.
In the Modify Rule dialog box, modify the source IP address, protocol, port range, and remarks of the firewall rule based on your business requirements.
Click Confirm.
In the Modify Rule message, The rule is modified is displayed. Click Close.
Delete a firewall rule
Find the firewall rule that you want to delete. Click Delete in the Actions column.
You can also select the firewall rules that you want to delete and click Batch Delete in the lower-left corner of the rule list.
In the Delete message, click Confirm.
In the Delete message, x rules deleted is displayed. Click Close.
Configure firewall rules based on a firewall template
You can use a firewall template to configure firewall rules for one or more simple application servers. This improves your efficiency of configuring firewall rules.
If the port range, protocol, and source IP address of a firewall rule in a firewall template are the same as the port range, protocol, and source IP address of an existing rule, the new rule overwrites the existing rule regardless of whether the existing rule is enabled.
Apply a firewall template to a single simple application server
Log on to the Simple Application Server console.
In the left-side navigation pane, click Servers.
Find the simple application server for which you want to configure firewall rules based on a firewall template, and click the server ID in the card of the server.
Click the Firewall tab.
In the upper-left corner of the Firewall tab, click Apply Firewall Template.
In the Apply Firewall Template dialog box, select the firewall template that you want to apply and click Apply Template.
In the Apply Firewall Template dialog box, click View Execution Details.
You are directed to the Template Utilization History tab of the Firewall Templates page. On this tab, you can view details about the firewall template.
Apply a firewall template to multiple simple application servers
Log on to the Simple Application Server console.
In the left-side navigation pane, click Firewall Templates.
On the Firewall Templates tab, find the firewall template that you want to apply and click Apply in the Actions column.
In the Apply dialog box, select the simple application servers to which you want to apply the firewall template.
NoteYou can select a maximum of 10 simple application servers at a time.
Click OK.
In the Apply dialog box, click View Execution Details to view the application result of the firewall template.
You can also view the application details of the firewall template on the Template Utilization History tab of the Firewall Templates page. For more information, see the "View the application history of a firewall template" section of this topic.
View the application history of a firewall template
Even if a firewall template is deleted, you can still view its application history.
Log on to the Simple Application Server console.
In the left-side navigation pane, click Firewall Templates.
On the Firewall Templates page, click the Template Utilization History tab.
In the firewall template application history list, view the template ID/name, servers to which the firewall template is applied, and the application task status and creation time of the firewall template.
View the application details of the firewall template.
In the firewall template application history list, find the firewall template and click View Details in the Actions column.
In the Execution Details panel, view the execution result and execution content of the firewall template.
Delete a firewall template
Deleting a firewall template does not affect the firewall rules that have been applied to simple application servers. You can delete a firewall template that you no longer need.
Log on to the Simple Application Server console.
In the left-side navigation pane, click Firewall Templates.
On the Firewall Templates tab, find the firewall template that you want to delete and click Delete in the Actions column.
In the Delete message, click Confirm.
References
You can also configure firewall rules on the Firewall tab of a simple application server. For more information, see Manage the firewall of a simple application server.