Setting Up Egress Firewall Rules
Egress firewall rules can only be created in the context of a private IP address on a virtual network. An egress firewall rule will open the chosen port(s) on the public network and allow traffic sent on that port to be forwarded to the Internet. To create a new firewall rule, click on the "Add Egress Firewall Rule" button.
By default, all Stratosphere virtual networks are created with an egress rule that allows all outbound traffic from the entire range of addresses specified. It is not necessary to add any egress rules unless you specifically want to limit outbound traffic.
In the "New Firewall Rule" wizard, choose the protocol and port (or port range) that you would like to open. Also choose the range of IP addresses to which you want the rule to be applied. The range (or CIDR) can be all addresses on the virtual network or a specified range of addresses (i.e., custom).
If you select "Custom Rule", you will be presented with an option to add a subset of addresses that fall within the range you specified on your virtual network. For example, if your network was specified as 192.168.120.0/24 (which would include addresses from 192.168.120.1 through 192.168.120.254), you could specify a rule for systems with addresses falling within a narrower subnet. Example:
- 192.168.120.0/25 (192.168.120.1 through 192.168.120.126)
- 192.168.120.0/26 (192.168.120.1 through 192.168.120.62)
- 192.168.120.0/27 (192.168.120.1 through 192.168.120.30)
- 192.168.120.0/28 (192.168.120.1 through 192.168.120.14)
- 192.168.120.0/29 (192.168.120.1 through 192.168.120.6)
- 192.168.120.0/30 (192.168.120.1 through 192.168.120.2)
The above example would allow only the single address, 192.168.120.100, to pass traffic externally.
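Before narrowing egress with a custom range, it helps to confirm exactly which hosts the CIDR covers. The following Python is an added example, not part of the Stratosphere documentation or tooling: it checks that a custom range lies inside the virtual network and reports its usable addresses. The function names `custom_range` and `ranges_covering` are hypothetical, and the sample host 192.168.120.20 is constructed for illustration.

```python
import ipaddress

# Virtual network and custom ranges from the page's example.
VIRTUAL_NETWORK = "192.168.120.0/24"
PAGE_RANGES = ["192.168.120.0/25", "192.168.120.0/26", "192.168.120.0/27",
               "192.168.120.0/28", "192.168.120.0/29", "192.168.120.0/30"]


def custom_range(cidr, network=VIRTUAL_NETWORK):
    """Validate a custom rule range; return (first_host, last_host, count)."""
    net = ipaddress.ip_network(network)
    # strict=True rejects a range with host bits set, e.g. 192.168.120.100/25.
    sub = ipaddress.ip_network(cidr, strict=True)
    if sub.version != net.version or not sub.subnet_of(net):
        raise ValueError(f"{cidr} is not inside {network}")
    first, last = sub.network_address, sub.broadcast_address
    if sub.prefixlen < sub.max_prefixlen - 1:
        # Ordinary subnets reserve the network and broadcast addresses.
        first, last = first + 1, last - 1
    return str(first), str(last), int(last) - int(first) + 1


def ranges_covering(host, ranges=PAGE_RANGES, network=VIRTUAL_NETWORK):
    """Return the ranges whose usable hosts include the given address."""
    addr = ipaddress.ip_address(host)
    matched = []
    for cidr in ranges:
        first, last, _ = custom_range(cidr, network)
        if ipaddress.ip_address(first) <= addr <= ipaddress.ip_address(last):
            matched.append(cidr)
    return matched


if __name__ == "__main__":
    for cidr in PAGE_RANGES:
        first, last, count = custom_range(cidr)
        print(f"{cidr:20} {first} through {last} ({count} hosts)")
    # Constructed sample host, not taken from the page.
    print(ranges_covering("192.168.120.20"))
```

A range that covers exactly one address is written with a /32 prefix, which `custom_range` reports as a single host.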
Click on the "Create Firewall Rule" button to finalize your choice.
Note: You can create firewall rules for three protocols: TCP, UDP and ICMP. Select the protocol for which you wish to create the rule by clicking on the up/down arrow.