The Firewall Incoming feature is used for two primary purposes:

• To allow external (Internet) connections to your ClearOS system
• To permanently block a particular IP address or entire networks from accessing ClearOS

This feature is part of the core system and installed by default.

You can find this feature in the menu system at the following location:

Network Firewall Incoming

When the firewall is enabled on your ClearOS system, the default behavior is to block all external (Internet) traffic. If you plan on running services on your ClearOS system that can be accessible from the Internet, then you will need to add the firewall policy to do so. For example, the OpenVPN server requires UDP port 1194 to be open on the firewall.

You can also open up ports to allow for remote management of your ClearOS system. For example, you can open up TCP port 81 to give access to Webconfig.

There are three ways to add an incoming firewall rule:

• select a standard service in the Standard Services drop down
• input a protocol and single port number in the Port Number box.
• input a protocol and multiple consecutive ports in a port range in the Port Range box.

In some circumstances, you may want to block particularly annoying systems from ever connecting to your ClearOS system. For example, you may notice a lot of network traffic from a virus infested remote network. You can block this traffic by specifying an IP or network in the Block External Hosts tool.