Related

Does the cloud firewall prevent IP address spoofing? Question Question
Can we have the ability to set destinations as we are able to set source addresses on the firewall, please. Question Question

Question

Does DO Firewall support IP Protocol 50 (ESP)?

Posted April 1, 2020 192 views
DigitalOcean Cloud Firewalls

I have a docker swarm with encrypted network and would like to use could firewall but I don’t know how to enable IP Protocol 50 and 51 (ESP, AH) on the firewall. Is it even possible?

Add a comment
milesich
By:
milesich
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer
KDSys April 1, 2020

Hi @milesich,

You can open any port you wish and use it to your needs. In your case to open ports 50 and 51, you’ll need to execute the following commands:

  • If you are using UFW, you can execute
sudo ufw allow 50
sudo ufw allow 51
  • If you are using only IPtables, you can execute
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 50 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 51 -j ACCEPT

All of the provided commands will help you with openning the port and allowing traffic. It’s possible however, you wish to enable traffic only for a certain IP address. In that case, you’ll need to modify your commands a bid.

  • UFW example with allowing IP access on a certain port
sudo ufw allow from XXX.XXX.XXX.XXX to any port 50
sudo ufw allow from XXX.XXX.XXX.XXX to any port 51
  • Iptables example with allowing IP access on a certain port
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d XXX.XXX.XXX.XXX --dport 50 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d XXX.XXX.XXX.XXX --dport 51 -m state --state NEW,ESTABLISHED -j ACCEPT

Please remember to change XXX.XXX.XXX.XXX in any of the commands with your own IP address.

Reards,
KDSys

Reply Report
  • milesich April 1, 2020

    Thank you for your reply but I was looking for how to configure it on DO cloud firewall service instead of on a particular host. Also I was talking about IP protocols not ports.

    Reply Report
    • KDSys April 1, 2020

      At the moment, using the mentioned IP Protocols is a feature that’s not included.

      Having said that, I’ll recommend going to the ideas board at https://ideas.digitalocean.com/ and post this as an Idea. Every post there gets sent to the product team for review.

      Hope that helps!

      Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help