Skip to content

How do I manage firewall configs and ACL rules?

Requires Elite

The Firewall configs and ACL rules tabs in the Provisioning area document your network security configuration: a firewall config records a configuration snapshot as text (type Default or Custom); an ACL rule describes a single access decision — action (Allow/Deny), source, destination, port and protocol (TCP/UDP).

Provisioning is available from the Elite tier.

  1. Record a firewall config. Open Provisioning → Firewall configs and click “Add Firewall config”:

    • Name (required) — e.g. “DMZ baseline rules”.
    • Type (required)Default or Custom.
    • Configuration — the rule set as text (e.g. an nftables/iptables excerpt).
    • Description (optional).
    A firewall config as a documented configuration snapshot.
  2. Create an ACL rule. Switch to ACL rules and click “Add ACL rule”:

    • Name (required) — e.g. “HTTPS from LAN to DMZ”.
    • Action (required)Allow or Deny.
    • Source / Destination — e.g. 10.0.10.0/2410.0.20.5.
    • Port — e.g. 443.
    • ProtocolTCP or UDP.
    • Description (optional).
  3. Maintain them. Make changes to existing entries via the pencil icon; an administrator removes outdated entries via the trash icon.

  • Documentation of the intended configuration: Notory does not distribute firewall configs and ACL rules to devices — they are the documented target state of your network security, which your automation or your workflow implements.
  • Tenant isolation & audit: Both stores are tenant-bound; creating, changing and deleting is recorded in the log.
  • Auditability: A well-maintained ACL store serves as evidence in audits — see Compliance.