The internal firewall
Control Center has a built-in firewall. It is mostly used in advanced configurations where nodes are placed in locations exposed to internet traffic.
You access the firewall configuration in the domain configuration dialog for each node.
(Screenshots in the original: opening the domain configuration dialog, and starting the firewall configuration GUI.)
There are three sections to the firewall.
Domain Discovery
When a dbWatch Monitor connects to a node, the node will by default provide a list of its known domains, and you can select which one to (attempt to) join. If Domain Discovery is turned off, the list is not provided and the user has to enter the domain name manually.
Domains
Specifies which domains this node will forward certificates for. This is typically used on a node that acts as a cloud router.
Rules
The rules section lets you add IP addresses and ranges to allow or deny. The list is evaluated from the top, and the first rule whose address range contains the connecting address decides whether the connection is allowed or denied.
The default setup has three rules:
Action | From host    | Limit |
ALLOW  | 127.0.0.1/32 | 100   |
ALLOW  | 0.0.0.0/0    | 100   |
DENY   | 0.0.0.0/0    | -1    |
The first rule explicitly allows connections from IP 127.0.0.1 (only this address), with a limit of 100 connections.
The second rule allows all IP addresses, with a limit of 100 connections.
The third rule denies all connections not matched by any of the rules above (which, with the default rules, is none, since the second rule matches every address).
In other words, the default rule set does not restrict where connections come from; it only caps the number of connections. The intended use is to replace the ALLOW 0.0.0.0/0 rule with one or more rules for specific addresses or ranges in CIDR notation (192.168.0.0/24 for 192.168.0.0-192.168.0.255, 192.168.0.3/32 for only the address 192.168.0.3, and so on), keeping the final DENY 0.0.0.0/0 rule so that everything not explicitly allowed is rejected.
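To make the first-match evaluation concrete, here is an added example (not dbWatch Control Center code) that parses rows in the Action | From host | Limit layout above and evaluates a connecting address against them. It assumes that the Limit column is a maximum number of concurrent connections counted per rule, that -1 means no limit, and that an address matching no rule at all is denied; the rule-set strings and addresses are constructed for the example.

```python
# Added example: first-match evaluation of Control Center style firewall rules.
# Not dbWatch code; semantics for Limit, -1 and "no match" are assumptions.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional

# Constructed rule sets in the same layout as the table above.
DEFAULT_RULES = """
Action | From host    | Limit |
ALLOW  | 127.0.0.1/32 | 100   |
ALLOW  | 0.0.0.0/0    | 100   |
DENY   | 0.0.0.0/0    | -1    |
"""

HARDENED_RULES = """
Action | From host      | Limit |
ALLOW  | 127.0.0.1/32   | 100   |
ALLOW  | 192.168.0.0/24 | 100   |
DENY   | 0.0.0.0/0      | -1    |
"""


@dataclass
class Rule:
    action: str      # "ALLOW" or "DENY"
    from_host: str   # source address or range in CIDR notation
    limit: int       # max concurrent connections for this rule; -1 = no limit (assumption)


def parse_rules(table: str) -> List[Rule]:
    """Parse 'Action | From host | Limit |' rows, skipping the header row."""
    rules: List[Rule] = []
    for line in table.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) < 3 or cells[0].upper() == "ACTION":
            continue
        action, from_host, limit = cells[:3]
        ip_network(from_host, strict=False)  # validate the CIDR early; raises on typos
        rules.append(Rule(action.upper(), from_host, int(limit)))
    return rules


@dataclass
class Firewall:
    rules: List[Rule]
    active: Dict[int, int] = field(default_factory=dict)  # open connections per rule index

    def first_match(self, src: str) -> Optional[int]:
        """Index of the first rule whose range contains src, evaluated top to bottom."""
        addr = ip_address(src)
        for i, rule in enumerate(self.rules):
            if addr in ip_network(rule.from_host, strict=False):
                return i
        return None

    def decide(self, src: str) -> str:
        i = self.first_match(src)
        if i is None:
            return "DENY"  # nothing matched: fail closed (assumption; keep an explicit final DENY anyway)
        rule = self.rules[i]
        if rule.action != "ALLOW":
            return "DENY"
        if rule.limit >= 0 and self.active.get(i, 0) >= rule.limit:
            return "DENY"  # matched an ALLOW rule, but its connection limit is exhausted
        return "ALLOW"

    def connect(self, src: str) -> bool:
        """Admit a connection if the rules allow it, and count it against the matching rule."""
        if self.decide(src) != "ALLOW":
            return False
        i = self.first_match(src)
        self.active[i] = self.active.get(i, 0) + 1
        return True

    def disconnect(self, src: str) -> None:
        i = self.first_match(src)
        if i is not None and self.active.get(i, 0) > 0:
            self.active[i] -= 1


if __name__ == "__main__":
    outside, inside = "203.0.113.7", "192.168.0.3"  # constructed sample addresses
    print("default :", outside, Firewall(parse_rules(DEFAULT_RULES)).decide(outside))
    print("hardened:", outside, Firewall(parse_rules(HARDENED_RULES)).decide(outside))
    print("hardened:", inside, Firewall(parse_rules(HARDENED_RULES)).decide(inside))
```

With the default rule set the outside address is allowed by the second rule, so the final DENY never fires; with the hardened set it falls through to the DENY and only the 192.168.0.0/24 range (and localhost) gets in. The limit check shows why a low Limit on a broad ALLOW rule is a denial-of-service exposure rather than an access control: once the count is reached, every further source matching that rule is refused, legitimate or not.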