Each firewall rule consists of three parts: an action (allow or deny), the port and protocol the rule applies to, and the source IP address the rule applies to.
All traffic to your server that is not explicitly allowed by an allow rule is blocked. Most of the rules you create in HeatShield will therefore be allow rules that permit necessary traffic to your servers, such as HTTP/HTTPS traffic to your web servers.
Occasionally, you might want to deny specific traffic that would have otherwise been allowed by an allow rule you created.
For example, you might have an allow rule that allows HTTP traffic (TCP port 80) from all IP addresses, but there's a particular IP address you still want blocked.
This is the purpose of a deny rule. Since deny rules are processed before allow rules, a specific deny rule to block a particular address will take precedence over a more general allow rule.
When services such as web servers and database servers receive traffic, that traffic arrives on the specific port and protocol the service listens on. For example, some common services and the ports and protocols they use are:
Each rule you create in HeatShield can apply to one of the following:
You can specify a range of contiguous ports in a single rule by giving the start and end ports separated by a hyphen (-). For example, 60000-61000 represents ports 60000 through 61000, inclusive.
You can also permit any port from a particular source by using the Any port selection.
When traffic arrives at your server, it always carries a source IP address. You can apply a firewall rule to traffic from a particular address by specifying that source IP address in the rule.
A rule's source IP address can be "Any" (meaning the rule applies to traffic from any address rather than a specific address), or it can be a specific IPv4 or IPv6 address.
You can also specify an address range for the source by using CIDR notation. For example, 10.0.0.0/8 is CIDR notation for the address range 10.0.0.0–10.255.255.255. A single address is equivalent to a /32 range (IPv4) or a /128 range (IPv6).
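The following is an added example, not HeatShield's own code: a small evaluator that models the rule semantics described above, so you can check how a rule set will behave before you deploy it. It implements default deny, deny-before-allow precedence, single ports, hyphenated port ranges, the Any port and Any source selections, and single-address or CIDR sources. The rule field names, the make_rule/evaluate helpers and the sample rule set are assumptions made for this illustration; the addresses used are constructed documentation-range addresses.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Added example: models the rule semantics on this page, not HeatShield's code.
# Field names and helper names are assumptions for illustration only.


@dataclass(frozen=True)
class Rule:
    action: str                        # "allow" or "deny"
    protocol: str                      # e.g. "tcp" or "udp"
    ports: Optional[Tuple[int, int]]   # None = Any port, else inclusive (start, end)
    source: Optional[object]           # None = Any source, else an ip_network


def parse_ports(spec: str) -> Optional[Tuple[int, int]]:
    """Parse 'any', a single port ('80') or a range ('60000-61000', inclusive)."""
    spec = spec.strip().lower()
    if spec == "any":
        return None
    if "-" in spec:
        lo, hi = (int(p) for p in spec.split("-", 1))
    else:
        lo = hi = int(spec)
    if not (0 <= lo <= hi <= 65535):
        raise ValueError(f"invalid port specification: {spec!r}")
    return (lo, hi)


def parse_source(spec: str):
    """Parse 'any', a single IPv4/IPv6 address, or a CIDR range; None means Any."""
    spec = spec.strip()
    if spec.lower() == "any":
        return None
    # A single address becomes a /32 (IPv4) or /128 (IPv6) network. strict=False also
    # accepts ranges written with host bits set, such as 10.0.0.1/8.
    return ipaddress.ip_network(spec, strict=False)


def make_rule(action: str, protocol: str, ports: str, source: str) -> Rule:
    if action not in ("allow", "deny"):
        raise ValueError(f"action must be allow or deny, got {action!r}")
    return Rule(action, protocol.lower(), parse_ports(ports), parse_source(source))


def rule_matches(rule: Rule, protocol: str, port: int, src_ip: str) -> bool:
    """True if the packet (protocol, destination port, source address) is covered by the rule."""
    if rule.protocol != protocol.lower():
        return False
    if rule.ports is not None and not (rule.ports[0] <= port <= rule.ports[1]):
        return False
    if rule.source is not None:
        addr = ipaddress.ip_address(src_ip)
        # An IPv6 source never matches an IPv4 range, and vice versa.
        if addr.version != rule.source.version or addr not in rule.source:
            return False
    return True


def evaluate(rules, protocol: str, port: int, src_ip: str) -> str:
    """Return 'allow' or 'deny'. Deny rules are processed before allow rules regardless
    of the order they appear in; anything not explicitly allowed is denied."""
    for r in (r for r in rules if r.action == "deny"):
        if rule_matches(r, protocol, port, src_ip):
            return "deny"
    for r in (r for r in rules if r.action == "allow"):
        if rule_matches(r, protocol, port, src_ip):
            return "allow"
    return "deny"  # implicit default: not explicitly allowed, so blocked


# Constructed sample rule set: public HTTP/HTTPS, a passive-FTP style port range
# reachable only from the 10.0.0.0/8 range, and one address blocked from HTTP.
# The deny rule is listed last to show that precedence, not list order, decides.
RULES = [
    make_rule("allow", "tcp", "80", "any"),
    make_rule("allow", "tcp", "443", "any"),
    make_rule("allow", "tcp", "60000-61000", "10.0.0.0/8"),
    make_rule("deny", "tcp", "80", "203.0.113.7"),
]

if __name__ == "__main__":
    samples = [
        ("tcp", 80, "198.51.100.4"),   # allowed by the general HTTP rule
        ("tcp", 80, "203.0.113.7"),    # denied: specific deny beats general allow
        ("tcp", 60500, "10.20.30.40"), # allowed: inside both the port and CIDR range
        ("tcp", 60500, "192.0.2.1"),   # denied: outside 10.0.0.0/8
        ("udp", 80, "198.51.100.4"),   # denied: no UDP rule, default deny
    ]
    for proto, port, src in samples:
        print(f"{proto} port {port} from {src}: {evaluate(RULES, proto, port, src)}")
```

A useful check when reviewing a rule set is to run the traffic you intend to block through evaluate and confirm it returns "deny" even when a broader allow rule exists; if a deny rule never matches anything, its source or port specification is probably narrower than you think.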