4.2. Firewall

This tab provides a way to configure firewall rules and network aliases, which restrict which source addresses may reach the system's inbound services and so give only qualified users access to restricted functionality. Only certain inbound ports can be edited: 80 and 443, together with the ports used by MQTT, Grafana and OPC UA. Typically you will want to limit access to these ports to well-known source addresses, for example the subnet of your plant network, rather than leaving them reachable from any address.

Network Aliases

The Add button opens a dialog where you can define a host alias for a network, giving it a name and the corresponding address range in CIDR notation. The alias can then be used as the Source Address of a rule instead of repeating the address. The Edit button lets you edit the current selection, while the Remove button removes it.

Rules

The Add and Edit buttons open a dialog where you can add a firewall rule, or edit the one currently selected. The Remove button removes the selected rule. The Refresh button refreshes the list.

Each firewall rule is defined as follows:

Name

A single string with no spaces that identifies this rule.

Description

An optional detailed description of the rule.

Priority

The priority of this rule relative to the others. Rules are applied in ascending priority order, so a rule with a lower number is applied before one with a higher number.

Protocol

The protocol to which this rule applies. The protocols currently supported are TCP, UDP and ICMP, or Any, which matches all three.

Access

Select Allow or Deny, as applicable.

Source Address

An IP address, an IP range pattern, or a host alias defined under Network Aliases (see above).

Destination Ports

The port or ports to which this rule applies. Only the editable inbound ports listed above can be used here.
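To make the interaction between aliases, priority, protocol and ports concrete, the following Python model of the rule set described above is an added example; it is not code from the product or its documentation. The alias names, address ranges and rule values are constructed sample data, and the evaluation semantics (rules checked in ascending priority order, the first matching rule decides, and a packet that matches no rule is denied) are assumptions made for illustration rather than documented behaviour of the firewall. It shows the common pattern of allowing the web ports only from the plant subnet and denying them from everywhere else, and why the Allow rule must carry the lower priority number.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Sequence

# Network aliases: alias name -> address range in CIDR notation.
# Constructed sample values for the example, not real plant addressing.
ALIASES: Dict[str, ipaddress.IPv4Network] = {
    "plant_lan": ipaddress.ip_network("10.20.0.0/16"),    # whole plant subnet
    "scada_host": ipaddress.ip_network("10.20.5.10/32"),  # one specific host
}

VALID_PROTOCOLS = {"TCP", "UDP", "ICMP", "ANY"}
VALID_ACCESS = {"Allow", "Deny"}


@dataclass
class Rule:
    """One firewall rule with the fields listed in this section."""
    name: str            # single string, no spaces
    priority: int        # lower number is applied first (assumed semantics)
    protocol: str        # "TCP", "UDP", "ICMP" or "ANY"
    access: str          # "Allow" or "Deny"
    source: str          # IP address, CIDR range, or alias name
    ports: Sequence[int] = field(default_factory=tuple)  # empty = any port
    description: str = ""


def resolve_source(source: str) -> ipaddress.IPv4Network:
    """Turn a Source Address field into a network: alias lookup first, else CIDR/IP."""
    if source in ALIASES:
        return ALIASES[source]
    # strict=False accepts host bits set, e.g. "10.20.5.10" -> 10.20.5.10/32
    return ipaddress.ip_network(source, strict=False)


def validate_rule(rule: Rule) -> List[str]:
    """Return a list of problems with a rule; an empty list means it is well formed."""
    errors = []
    if not rule.name or " " in rule.name:
        errors.append("name must be a single string without spaces")
    if rule.protocol not in VALID_PROTOCOLS:
        errors.append(f"unsupported protocol {rule.protocol!r}")
    if rule.access not in VALID_ACCESS:
        errors.append(f"access must be Allow or Deny, not {rule.access!r}")
    try:
        resolve_source(rule.source)
    except ValueError:
        errors.append(f"source {rule.source!r} is neither an alias nor a valid address")
    for p in rule.ports:
        if not 0 < p < 65536:
            errors.append(f"port {p} is out of range")
    return errors


def rule_matches(rule: Rule, src_ip: str, proto: str, port: Optional[int]) -> bool:
    """Does this rule apply to an inbound packet from src_ip/proto to dest port?"""
    if rule.protocol != "ANY" and rule.protocol != proto:
        return False
    # A rule with explicit ports never matches portless traffic such as ICMP.
    if rule.ports and port not in rule.ports:
        return False
    return ipaddress.ip_address(src_ip) in resolve_source(rule.source)


def evaluate(rules: Sequence[Rule], src_ip: str, proto: str,
             port: Optional[int] = None) -> str:
    """Assumed semantics: ascending priority, first match wins, default Deny."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule_matches(rule, src_ip, proto, port):
            return rule.access
    return "Deny"


# Constructed rule set: web UI (80/443) only from the plant subnet, plus ping.
RULES = [
    Rule("allow_plant_web", 10, "TCP", "Allow", "plant_lan", (80, 443),
         "Web UI reachable from the plant subnet"),
    Rule("deny_other_web", 20, "TCP", "Deny", "0.0.0.0/0", (80, 443),
         "Block the web UI from every other address"),
    Rule("allow_plant_ping", 30, "ICMP", "Allow", "plant_lan", (),
         "Allow ping from the plant subnet"),
]


if __name__ == "__main__":
    for r in RULES:
        assert not validate_rule(r), validate_rule(r)
    print(evaluate(RULES, "10.20.3.4", "TCP", 443))     # plant host -> Allow
    print(evaluate(RULES, "192.168.1.5", "TCP", 443))   # outside host -> Deny
    print(evaluate(RULES, "10.20.3.4", "ICMP"))         # ping from plant -> Allow
```

Note the ordering: if deny_other_web were given a lower priority number than allow_plant_web, it would be applied first and shadow the Allow, and plant hosts would lose access to 80 and 443 as well. Checking a rule set this way before committing it is a cheap way to catch that mistake.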