VM Interface Firewall
The NetActuate VM Interface Firewall lets you create rule sets that control traffic to your virtual machine network interfaces. Create named firewall sets, define IPv4 and IPv6 rules with accept/drop actions, and apply them across your fleet of servers from the portal or API.
Note: The firewall feature must be enabled on your account before use. If you do not see the firewall option under Networking > Firewall in your portal, contact your NetActuate account manager to have it activated.
What the Firewall Does
The VM firewall is designed for broad access control at the host level. Typical use cases include:
- Block all ports except 80 and 443 on a web server
- Restrict SSH access to specific management IPs
- Allow only cache-fill traffic to public interfaces on a CDN node
- Apply a default security baseline to all VMs account-wide
Key Features
| Feature | Description |
|---|---|
| Named Rule Sets | Create multiple firewall sets for different service types or environments |
| IPv4 and IPv6 | Rules support both IP versions |
| Rule Ordering | Set evaluation priority with drag-and-drop reordering |
| Per-Rule Toggle | Enable or disable individual rules without deleting them |
| Fleet Sync | Apply changes to all associated VMs with a single sync action |
| Multiple Application Methods | Apply firewall sets per-VM, during deployment, account-wide, or via API |
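The following is an added example, not NetActuate code: a small Python model of an ordered accept/drop rule set, useful for checking the use cases above and the effect of rule order, the per-rule toggle, and IPv4/IPv6 coverage before syncing a set to a fleet. The rule fields, first-match evaluation, and the default action for unmatched traffic are assumptions of this model, and all addresses are constructed samples.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                 # "accept" or "drop"
    source: str                 # source CIDR, IPv4 or IPv6
    port: Optional[int] = None  # destination port; None matches any port
    enabled: bool = True        # per-rule toggle

def evaluate(rules, src_ip, dst_port, default="accept"):
    """Return the action of the first enabled matching rule.

    First-match ordering and the default for unmatched traffic are
    assumptions of this model, not documented platform behaviour.
    """
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        net = ipaddress.ip_network(rule.source)
        if not rule.enabled or net.version != addr.version:
            continue
        if addr in net and rule.port in (None, dst_port):
            return rule.action
    return default

# Constructed sample set: web server, SSH limited to management ranges.
# Addresses are from the documentation ranges (RFC 5737 / RFC 3849).
WEB_SET = [
    Rule("accept", "198.51.100.0/24", 22),
    Rule("accept", "2001:db8:10::/48", 22),
    Rule("accept", "0.0.0.0/0", 80),
    Rule("accept", "::/0", 80),
    Rule("accept", "0.0.0.0/0", 443),
    Rule("accept", "::/0", 443),
    Rule("drop", "0.0.0.0/0"),
    Rule("drop", "::/0"),
]

if __name__ == "__main__":
    probes = [("203.0.113.7", 443), ("203.0.113.7", 22),
              ("198.51.100.5", 22), ("2001:db8:ffff::1", 22)]
    v4_only = [r for r in WEB_SET if ":" not in r.source]  # IPv6 rules forgotten
    for ip, port in probes:
        print(ip, port, evaluate(WEB_SET, ip, port), evaluate(v4_only, ip, port))
```

The second result column uses a copy of the set with its IPv6 rules removed, which shows that IPv6 SSH traffic is then decided only by the default action.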
How Firewall Sets Are Applied
Firewall sets can be associated with VMs in four ways:
- From the firewall set using the Associated Virtual Machines tab
- During VM deployment by selecting a firewall set in the build wizard
- Account-wide default by setting a global firewall set under Account > Settings > Security
- Via the API for programmatic management
How It Fits Into DDoS Mitigation
The VM firewall ACL works alongside other layers of protection:
- Outer layer: transit provider and peer rules block volumetric traffic before it enters the NetActuate network
- Middle layer: edge rules apply rate limiting and policy-based filtering at the network edge
- Inner layer: the VM ACL provides granular, per-host traffic control before packets reach your application
For a full explanation of the layered model, see the DDoS Best Practices guide.
Next Steps
- How-To Guide - getting started with firewall rule sets
- Managing Firewall Rule Sets - create sets, add rules, associate VMs, and sync changes
- Firewall API Reference - REST API endpoints for programmatic management
Need Help?
Contact support@netactuate.com or open a support ticket from the portal.