Overview
Genostack uses an internal firewall that limits external access to the instances. Even if you open the ports on the instance and redirect the HTTP access, you will not be able to connect to it from outside. You can, however, create new security groups and add your own security rules to them.
Security
When you create a new rule, you need to select the type of security you wish to use. There are two types available:
- Remote IP prefix: an IP or an IP range which will be allowed to access the port or port range. You can allow all IPs by using “0.0.0.0/0”.
- Remote security group: all instances using this security group will have access to the port.
Default rules
By default, the ports 80, 443, and 22 are opened to the outside. All ports are opened between instances using the default security group, meaning you do not need to make modifications for internal communication.
Create new rules
Rules are stored in Security groups. You can either add rules to an existing one, or create a new one. To do so, head to the Access and security tab. Once you have selected or created the security group you wish to use, use the Manage rules button. There, you can create or modify rules.
There are several parameters you can customize when creating a new rule:
Rule
The Rule slider shows a list of templates for popular choices, such as http, imaps or mysql. If you select a template, you will just need to adjust the security type for the rule. If you do not need a template, you can create a custom TCP/UDP/ICMP rule and fill out all fields.
Direction
Ingress affects inbound traffic (relative to the instance). Egress affects outbound traffic.
Open port
Select between a single port or a range.
Port / From Port - To Port
Fill out the port/range you wish to use.
Remote
Select the CIDR option if you wish to filter access (or open to all) using IPs. Select the Security group to open access to all instances using the selected security group.
CIDR / Security group
Fill out what you want to allow with this rule.
Using your new security group
When you are done adding rules to your security group, you can either add it to an existing instance, or create a new one with the security group added.
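Before attaching a group to an instance, it is worth listing the ingress rules that use “0.0.0.0/0” on ports other than the default 80, 443 and 22. The script below is an added example, not part of Genostack: the dictionary keys and the sample rules are constructed here and only mirror the form fields described above.

```python
import ipaddress

# Ports this page lists as open to the outside by default.
DEFAULT_PUBLIC_PORTS = {22, 80, 443}

def is_open_to_all(cidr):
    """True when the prefix matches every address (0.0.0.0/0 or ::/0)."""
    # strict=False also accepts prefixes written with host bits set (10.0.0.5/24).
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def audit_rules(rules):
    """Return (rule name, non-default port count) for world-open ingress rules."""
    findings = []
    for rule in rules:
        if rule["direction"] != "ingress":
            continue  # egress rules only affect outbound traffic
        cidr = rule.get("remote_cidr")
        if cidr is None or not is_open_to_all(cidr):
            continue  # remote security group, or a restricted IP range
        if rule["protocol"] == "icmp":
            continue  # ICMP rules carry no port range; not covered here
        ports = range(rule["port_from"], rule["port_to"] + 1)
        extra = sum(1 for p in ports if p not in DEFAULT_PUBLIC_PORTS)
        if extra:
            findings.append((rule["name"], extra))
    return findings

def rule(name, direction, port_from, port_to, cidr=None, group=None):
    """Build one constructed sample rule (hypothetical field names)."""
    return {"name": name, "direction": direction, "protocol": "tcp",
            "port_from": port_from, "port_to": port_to,
            "remote_cidr": cidr, "remote_group": group}

# Constructed sample rules, not taken from a real security group.
SAMPLE_RULES = [
    rule("web", "ingress", 80, 80, cidr="0.0.0.0/0"),
    rule("mysql-any", "ingress", 3306, 3306, cidr="0.0.0.0/0"),
    rule("mysql-lab", "ingress", 3306, 3306, cidr="192.0.2.0/24"),
    rule("wide-range", "ingress", 1, 1024, cidr="0.0.0.0/0"),
    rule("db-group", "ingress", 5432, 5432, group="default"),
    rule("out-any", "egress", 1, 65535, cidr="0.0.0.0/0"),
    rule("v6-any", "ingress", 8080, 8080, cidr="::/0"),
]

if __name__ == "__main__":
    for name, extra in audit_rules(SAMPLE_RULES):
        print(f"{name}: open to all IPs on {extra} non-default port(s)")
```

Rules flagged this way are candidates for a narrower Remote IP prefix or a Remote security group.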