Use Cases
Blacklist IP addresses
A user wants to drop the packets coming from 1000 specific IP addresses.
- Step 1 - The user creates an ipset that groups the 1000 IP addresses. Doing so also gives her the benefit of the ipset's efficient lookup algorithm.
- Step 2 - The user goes to the Client Groups section and selects the Client Group to which she wants to add the rule.
- Step 3 - Since incoming requests are going to be blocked, the user selects the INPUT chain of the Filter table.
- Step 4 - The user adds a rule with an ipset reference, as shown in the figure below.
Only Allow HTTP Ports
Joe is a system administrator who wants to block all requests targeting a group of servers, except the requests arriving on the HTTP ports 80 and 443.
- Step 1 - Joe goes to the Ruleset section and creates a Ruleset under the Filter table. Its rule accepts only TCP packets on the specified ports.
- Step 2 - He navigates to the Client Groups section and selects the group that he wants to change.
- Step 3 - He selects the INPUT chain of the Filter table.
- Step 4 - He changes the default policy of the INPUT chain to DROP, so a packet that does not match any rule in this chain is dropped.
- Step 5 - He adds a rule: if the incoming packet is a TCP packet, jump to the ruleset that was just defined.
- Step 6 - Joe moves the rule to the first position, since he wants incoming HTTP requests to be accepted quickly. Rules are evaluated sequentially.
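The two use cases above, written out as the `ipset restore` and `iptables-restore` input they correspond to. This is an added example, not the product's own output. It assumes that a Ruleset maps to a user-defined chain, that 80 and 443 are destination ports on the servers, and that the blacklist case leaves the INPUT policy at ACCEPT; the names `blacklist` and `HTTP_ONLY` are hypothetical.

```shell
#!/bin/sh
# Added example. "blacklist" and "HTTP_ONLY" are hypothetical names.

# Constructed sample input (documentation-range addresses, one per line).
SAMPLE_IPS='192.0.2.10
198.51.100.7
bad-entry
203.0.113.999'

# Accept only dotted-quad IPv4 with four octets in 0..255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
}

# Blacklist, step 1: `ipset restore` input, one hash:ip set for all addresses.
gen_ipset() {
    echo "create blacklist hash:ip family inet"
    while read -r ip; do
        valid_ipv4 "$ip" || continue   # skip malformed lines instead of loading them
        echo "add blacklist $ip"
    done
}

# Blacklist, steps 3-4: a single INPUT rule matches the whole set by source address.
gen_blacklist_rules() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
        '-A INPUT -m set --match-set blacklist src -j DROP' 'COMMIT'
}

# HTTP only: ruleset as a user-defined chain, INPUT policy DROP, and the TCP
# jump as the first INPUT rule (on a live chain: iptables -I INPUT 1 ...).
gen_http_only_rules() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':HTTP_ONLY - [0:0]' \
        '-A INPUT -p tcp -j HTTP_ONLY' \
        '-A HTTP_ONLY -p tcp -m multiport --dports 80,443 -j ACCEPT' 'COMMIT'
}

printf '%s\n' "$SAMPLE_IPS" | gen_ipset
gen_blacklist_rules
gen_http_only_rules
```

`iptables-restore --test` parses a rules file without committing it. With the INPUT policy at DROP and only this chain attached, everything else inbound is dropped too, including SSH and replies to connections the servers open themselves.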