System Firewall

The built-in system firewall provides a powerful way to lock down access to the BMC. While user authentication controls who can log in, the firewall controls which IP addresses are allowed to communicate with the BMC in the first place. By creating specific rules, you can ensure that only trusted systems on your network can reach the management interface.

This chapter shows you how to add, manage, and remove firewall rules.

Adding and managing firewall rules

You can create granular rules based on IP address, protocol, and port.

  1. In the sidebar menu, navigate to Settings > System Firewall.

  2. The page displays a table of all currently active rules. To create a new one, click the Add New Rule button.

  3. In the popup window, define the parameters for your rule:

    • Protocol: Choose TCP, UDP, or ALL.

    • Target: Select Allow to permit matching traffic or Block to deny it.

    • Port Start/End: Specify a single port (e.g., 443 for HTTPS) or a range of ports.

    • IP Start/End: Enter a single source IP address or a range of addresses that this rule applies to.

    • MAC Address: (Optional) Restrict the rule to a specific source MAC address.

    • Start/End Date/Time: (Optional) Make the rule active only during a specific time window.

  4. Click Add to save and activate the rule.
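
A pre-flight check to run on a planned rule set before entering it, so that a new Block rule does not cut off your own management session. This is an added example, not part of the product or its documentation: the `Rule` class and `admin_access` function are hypothetical, and ranges are assumed to be inclusive. Because this page does not state how overlapping rules are ordered, the check reports a flow matched by both an Allow and a Block rule as order-dependent instead of guessing.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:  # hypothetical model of one row in the Add New Rule dialog
    protocol: str    # "TCP", "UDP" or "ALL"
    target: str      # "Allow" or "Block"
    port_start: int
    port_end: int
    ip_start: str
    ip_end: str

    def problems(self):
        """Return input errors; an empty list means the rule is well-formed."""
        errs = []
        if self.protocol not in ("TCP", "UDP", "ALL") or self.target not in ("Allow", "Block"):
            errs.append("unknown protocol or target")
        if not 0 <= self.port_start <= self.port_end <= 65535:
            errs.append("port range is inverted or out of bounds")
        try:
            lo, hi = ipaddress.ip_address(self.ip_start), ipaddress.ip_address(self.ip_end)
            if lo.version != hi.version or lo > hi:
                errs.append("IP range is inverted or mixes IPv4 and IPv6")
        except ValueError as exc:
            errs.append(str(exc))
        return errs

    def matches(self, proto, src_ip, port):  # ranges assumed inclusive
        ip = ipaddress.ip_address(src_ip)
        lo, hi = ipaddress.ip_address(self.ip_start), ipaddress.ip_address(self.ip_end)
        return (self.protocol in ("ALL", proto)
                and self.port_start <= port <= self.port_end
                and ip.version == lo.version == hi.version and lo <= ip <= hi)

def admin_access(rules, admin_ip, port=443, proto="TCP"):
    """Classify what the rule set does to the admin's own management session."""
    bad = [e for r in rules for e in r.problems()]
    if bad:
        raise ValueError("; ".join(bad))
    hits = {r.target for r in rules if r.matches(proto, admin_ip, port)}
    if len(hits) == 2:
        return "order-dependent"  # Allow and Block both match; evaluation order decides
    return {"Allow": "allowed", "Block": "blocked"}[hits.pop()] if hits else "no-rule-matches"

# Constructed sample plan: one admin range allowed on HTTPS, plus a catch-all Block.
PLAN = [
    Rule("TCP", "Allow", 443, 443, "10.0.10.5", "10.0.10.20"),
    Rule("ALL", "Block", 0, 65535, "0.0.0.0", "255.255.255.255"),
]
```

For the sample plan, `admin_access(PLAN, "10.0.10.7")` returns `"order-dependent"`: the workstation is covered by both rules, so confirm from a second session that access still works before relying on the catch-all Block.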

Flushing all rules

If you have made a mistake and locked yourself out, or if you want to quickly reset the firewall to a default open state, you can use the Flush All feature.

  1. On the System Firewall page, click the Flush All button.

  2. A confirmation dialog will appear. Confirm the action to remove all custom firewall rules.

This action provides a quick recovery mechanism, but it should be used with caution as it will remove all protections you have configured.
