System Firewall
The built-in system firewall provides a powerful way to lock down access to the BMC. While user authentication controls who can log in, the firewall controls what IP addresses are even allowed to communicate with the BMC in the first place. By creating specific rules, you can ensure that only trusted systems on your network can reach the management interface.
This chapter shows you how to add, manage, and remove firewall rules.
Adding and managing firewall rules
You can create granular rules based on IP address, protocol, and port.
In the sidebar menu, navigate to Settings > System Firewall.
The page displays a table of all currently active rules. To create a new one, click the Add New Rule button.
In the popup window, define the parameters for your rule:
Protocol: Choose TCP, UDP, or ALL.
Target: Select Allow to permit matching traffic or Block to deny it.
Port Start/End: Specify a single port (e.g., 443 for HTTPS) or a range of ports.
IP Start/End: Enter a single source IP address or a range of addresses that this rule applies to.
MAC Address: (Optional) Restrict the rule to a specific source MAC address.
Start/End Date/Time: (Optional) Make the rule active only during a specific time window.
Click Add to save and activate the rule.
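[Image, EXISTING, Source: 7.11: Screenshot showing the System Firewall page, including the table of active rules and the "Add New Rule" button.]
[Image, EXISTING, Source: 7.11: Screenshot showing the "Add Firewall Rule" dialog, including the fields for defining the protocol, target, port, and IP address.]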
Caution: Do not lock yourself out!
Be extremely careful when creating Block rules. If you create a rule that blocks the IP address of your own workstation, you will immediately lose access to the BMC web interface. The only way to recover would be to have physical access to the server or to ask someone else to log in from an allowed IP address to remove the rule.
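A pre-flight check for the lock-out case described above, as an added example that is not part of the BMC firmware or its documentation. The `Rule` structure, the function names and the sample addresses are assumptions that mirror the dialog's fields; because this page does not state how the BMC orders rules, the check conservatively flags every Block rule that matches your workstation, whether or not an Allow rule also matches.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Rule:
    # Hypothetical structure mirroring the Add New Rule dialog fields;
    # it is not the BMC's own storage or export format.
    protocol: str    # "TCP", "UDP" or "ALL"
    target: str      # "Allow" or "Block"
    port_start: int
    port_end: int
    ip_start: str
    ip_end: str


def matches(rule, src_ip, protocol, port):
    """True if traffic from src_ip to protocol/port falls inside the rule."""
    ip = ipaddress.ip_address(src_ip)
    lo = ipaddress.ip_address(rule.ip_start)
    hi = ipaddress.ip_address(rule.ip_end)
    # Reject malformed rules instead of silently treating them as harmless.
    if lo.version != hi.version or lo > hi or rule.port_start > rule.port_end:
        raise ValueError(f"invalid range in rule: {rule}")
    if ip.version != lo.version:
        return False
    return (rule.protocol in ("ALL", protocol)
            and rule.port_start <= port <= rule.port_end
            and lo <= ip <= hi)


def lockout_rules(rules, admin_ip, protocol="TCP", port=443):
    """Return the Block rules that would cut admin_ip off from the given service.

    Defaults to TCP 443, the HTTPS port of the web interface.
    """
    return [r for r in rules
            if r.target == "Block" and matches(r, admin_ip, protocol, port)]


# Constructed sample rule set (addresses are illustrative only).
SAMPLE_RULES = [
    Rule("TCP", "Allow", 443, 443, "10.0.5.10", "10.0.5.20"),
    Rule("ALL", "Block", 1, 65535, "10.0.5.0", "10.0.5.255"),
    Rule("UDP", "Block", 161, 161, "0.0.0.0", "255.255.255.255"),
]

if __name__ == "__main__":
    for rule in lockout_rules(SAMPLE_RULES, "10.0.5.15"):
        print("Would block this workstation:", rule)
```

Run it against the rules you plan to enter, with the IP address of the workstation you manage the BMC from, before clicking Add.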
Flushing all rules
If you have made a mistake and locked yourself out, or if you want to quickly reset the firewall to a default open state, you can use the Flush All feature.
On the System Firewall page, click the Flush All button.
A confirmation dialog will appear. Confirm the action to remove all custom firewall rules.
This action provides a quick recovery mechanism, but it should be used with caution as it will remove all protections you have configured.