
Firewall

How does the firewall work?

As of now, the agent interfaces with iptables and can manage a range of functions. This requires that `iptables` is installed on the device. The state-based approach makes sure that the firewall rules are always checked and re-established if they deviate from what is defined in the configuration.

Therefore, it is important that the firewall is either fully managed by the agent or not managed by it at all. If other tools configure the firewall, this function should not be used, because the agent would work against those tools.

The agent always communicates over HTTPS on port 443, and it does not need any open ports, even for remote access.

Setting up the firewall configuration

First configure the default firewall policy:

  • Accept - accept all connections on all ports

  • Drop - deny all connections on all ports

Rules can be created for TCP or UDP.

It is possible to limit the IP access range or use ANY in order to allow any IP to connect.

CIDR notation is supported for subnets, so it is possible to use 192.168.100.0/24 to allow only devices from the IP range 192.168.100.0 to 192.168.100.255. More information on CIDR notation.
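The state-based check and the rule options described above can be illustrated with a small drift detector. This is an added example, not the agent's own code: the `DESIRED` layout, the function names and the sample output are constructed for illustration, and it assumes IPv4 rules on the INPUT chain as printed by `iptables -S INPUT`.

```python
import ipaddress

# Constructed desired state: default policy plus allow rules (hypothetical layout).
DESIRED = {
    "policy": "DROP",
    "rules": [
        {"proto": "tcp", "port": 22, "source": "192.168.100.0/24"},
        {"proto": "udp", "port": 53, "source": "ANY"},
    ],
}

# Constructed sample of `iptables -S INPUT` output from a device that has drifted.
SAMPLE_LIVE = """\
-P INPUT ACCEPT
-A INPUT -s 192.168.100.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
"""


def render(desired):
    """Render the desired state as the lines `iptables -S INPUT` would print."""
    if desired["policy"] not in ("ACCEPT", "DROP"):
        raise ValueError("policy must be ACCEPT or DROP")
    lines = [f"-P INPUT {desired['policy']}"]
    for rule in desired["rules"]:
        p, port = rule["proto"], rule["port"]
        if p not in ("tcp", "udp") or not 1 <= port <= 65535:
            raise ValueError(f"invalid rule: {rule}")
        src = ""
        if rule["source"] != "ANY":
            # IPv4Network is strict by default: 192.168.100.5/24 (host bits set) is rejected.
            src = f"-s {ipaddress.IPv4Network(rule['source'])} "
        lines.append(f"-A INPUT {src}-p {p} -m {p} --dport {port} -j ACCEPT")
    return lines


def drift(desired, live_text):
    """Return (missing, unexpected) rule lines; both empty means no drift."""
    # Order is ignored: with only ACCEPT rules and a default policy it does not change the result.
    want = render(desired)
    have = [line.strip() for line in live_text.splitlines() if line.strip()]
    missing = [line for line in want if line not in have]
    unexpected = [line for line in have if line not in want]
    return missing, unexpected
```

Any line in `unexpected` is a rule some other tool or person added, which is the conflict the page warns about when the firewall is not fully managed by one tool.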

Another practical feature is that you can access a list of all open ports on any device by pressing the "show open ports" button.