Logstash Firewalls Introduction

Logstash Firewall Groups allow you to manage and restrict which IP addresses can send data to your Stacks and which ports those restrictions apply to. Setting Firewall Groups improves Stack security by blocking all unauthorised traffic to ports you've specified.

To view the existing Firewall Groups for a Stack, choose View Stack Settings > Logstash Firewall from your dashboard. From there you can add a new Firewall Group, or select an existing group from the list to modify its configuration.

You can also access the Logstash Firewall Groups for a Stack by choosing View Stack Settings > Logstash Inputs, where you can view the rules specific to each input and port. Choose View Rules to access the Firewall Groups for that input.

Adding a new Firewall Group

To add a new Firewall Group for a Stack, choose View Stack Settings > Logstash Firewall > Add New Firewall Group. Provide a name for the group and a brief description, then enter the IP address(es) that you want to allow to send data via your Logstash instance. If required, choose from the list the ports that this should apply to, then select Apply Changes.

Tip: Any changes to Logstash Firewall Groups will be live on your instance within 10 seconds of applying them.

Modifying an existing Firewall Group

To modify an existing Firewall Group for a Stack, choose View Stack Settings > Logstash Firewall, then select the Firewall Group that you need to modify or delete. From here you can rename the group, change the description, add or delete IP addresses, and modify the associated ports. Once you are happy with the changes, select Apply Changes.

To delete a specific IP address, select it from the list and choose the Delete rule. If you have multiple rules, you can use the Select all and Unselect all options to make this easier.

Deleting a Firewall Group

To delete a Firewall Group completely, including all the associated IP addresses and ports, choose View Stack Settings > Logstash Firewall > Firewall Group, then choose the delete option at the bottom of the screen. You will be asked to confirm the deletion, as this action cannot be undone.
