Overview

Genostack uses an internal firewall limiting external access to the instances. Even if you open the ports on the instance, and redirect the http access, you will not be able to connect to it from outside. You are however able to create new security groups and add your own security rules in it.

Security

When you create a new rule, you need to select the type of security you wish to use. There are two type available:

Default rules

By default, the ports 80, 443, and 22 are opened to the outside. All ports are openened between instances using the default security group, meaning you do not need to make modifications for internal communication.

Default rules

Create new rules

Rules are stored in Security groups. You can either add rules to an existing one, or create a new one. To do so, head to the Access and security tab. Once you have selected or created the security group you wish to use, use the Manage rules button. There, you can create or modify rules.

There are several parameters you can customize when creating a new rule:

Rule

The Rule slider show a list of template for popular choices, such as http , imaps or mysql. If you select a template, you will just need to adjust the security type for the rule. If you do not need a template, you can create a custom TCP/UDP/ICMP rule and fill out all fields.

Direction

Ingress will affect inbound traffic (relating to the instance) Egress will be the outbound traffic.

Open port

Select between a single port or a range.

Port / From Port - To Port

Fill out the port/range you wish to use

Remote

Select the CIDR option if you wish to filter access (or open to all) using IPs. Select the Security group to open access to all instances using the selected security group.

CIDR / Security group

Fill out what you want to allow with this rule.

New rule

Using your new security group

When you are done adding rules to your security group, you can either add it to an existing instance, or create a new one with the security group added.