Initial setup - firewall rules

Setting up Path.net firewall rules

In our Dallas location, all inbound ports are blocked by default, so you need to open ports to be able to host services and access basic things like SSH/RDP. This guide explains how to do this.

In order to open ports, go to the client area, select "Services" -> "My Services" from the navigation bar, click on "Path.net Firewall Manager" and then click on the blue "Open Control Panel" button.

If you see "Path.net Firewall Manager" on the client area home page then you can click "View Details" beside this instead:

Once you're in the firewall manager, click "Firewall Rules" on the left navigation bar then "Create Rule" and you'll see this window appear:

  • Source Type(s): the default "custom source IP" is suitable for most cases. There are also some predefined lists such as "Cloudflare IPs" if you want to whitelist their IPs for access
  • Source Type: the default "Network" is suitable for most cases
  • Protocol: the protocol you would like to whitelist, such as TCP, UDP, etc.
  • Source: the IP where the data is coming from, the default "0.0.0.0/0" covers the whole internet and is the correct value in most cases
  • Destination: the IP you want to open the port on
  • Action: the default "whitelist" is the correct value to use to open a port
  • Comment: something to remind you of what the rule is for, can be left blank

If you select a protocol such as TCP or UDP, then "Source Port" and "Destination Port" fields will appear. Leave "Source Port" blank and enter the port you want to open in "Destination Port".

While it is not possible to create rules for a port range yourself, we can create rules on port ranges for you if you contact us via support ticket.

Firewall rule changes can take up to 45 minutes to take effect, despite the "Create Rule" window mentioning 15 minutes.

Path's firewall system automatically allows the return traffic from an outbound request without a firewall whitelist rule being present. It is therefore only necessary to whitelist ports that you will have a listening service/application on, such as 80/443 for a web server, 22 for SSH and 3389 for RDP (Windows).
ICMP (ping) is an exception: the protocol needs to be whitelisted to allow outbound as well as inbound ICMP (ping).
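
To work out which ports on a Linux server actually have a listening service and so need a whitelist rule, the added example below (not part of the original guide or of Path.net's tooling) turns `ss -H -tuln` output into a list of Protocol / Destination Port pairs, skipping listeners bound only to loopback. The function name rules_needed and the sample listener lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the Protocol / Destination Port pairs that need a
# whitelist rule, reading `ss -H -tuln` output on stdin.

rules_needed() {
    awk '
    {
        local_addr = $5                      # "Local Address:Port" column
        pos = match(local_addr, /:[0-9]+$/)  # the port follows the last colon
        if (pos == 0) next
        addr = substr(local_addr, 1, pos - 1)
        port = substr(local_addr, pos + 1)
        # Loopback-only listeners cannot be reached from outside: no rule needed.
        if (addr ~ /^127\./ || addr == "[::1]") next
        key = toupper($1) " " port
        # IPv4 and IPv6 listeners on the same port collapse into one line.
        if (!(key in seen)) { seen[key] = 1; print key }
    }' | sort -k1,1 -k2,2n
}

# Constructed sample of `ss -H -tuln` output (not taken from a real host).
SAMPLE='tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
tcp LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
tcp LISTEN 0 244 127.0.0.1:5432 0.0.0.0:*
tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:27015 0.0.0.0:*
tcp LISTEN 0 128 [::]:22 [::]:*
tcp LISTEN 0 128 [::1]:631 [::]:*'

printf '%s\n' "$SAMPLE" | rules_needed

# On a live server, feed it the real listener table instead:
#   ss -H -tuln | rules_needed
```

Treat the output as a list of candidates to review: a listener you do not want reachable from the internet should not get a rule just because it appears here.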

There are also firewall rule templates available should any of them fit your use case. These can be accessed through the "Use Rule Templates" button beside the "Create Rule" button mentioned above. Selecting an import option will show you the rules it will create:

Once you've finished adding firewall rules, we recommend you add firewall filters to improve the DDoS mitigation accuracy; see here for how to do this.

