How do I create firewall rules to allow or deny IP addresses to access DSM?
Last updated:Dec 4, 2020
How do I create firewall rules to allow or deny IP addresses to access DSM?
Purpose
Create firewall rules on your DSM to allow or deny access to certain network ports through specific IP addresses, thereby preventing unauthorized logins and controlling service access.
Resolution
Only allow specific IP addresses to access DSM
- Go to Control Panel > Security > Firewall to enable the firewall and create firewall rules using the steps in this article.1
- Create two firewall rules if you want to only allow specific IP addresses to access your DSM (e.g., 192.168.50.xxx and 192.168.50.xxx) and deny other IP addresses from accessing it.
Only deny specific IP addresses from accessing DSM
- Go to Control Panel > Security > Firewall to enable the firewall and create firewall rules using the steps in this article.1
- Create two firewall rules if you want to deny specific IP addresses from accessing your DSM (e.g., 192.168.50.xxx and 192.168.50.xxx) and allow other IP addresses to access it.
Notes:
- When creating firewall rules, you must sign in to your DSM via an IP address that you want the firewall rules to allow. Do not sign in via QuickConnect.
- DSM firewall can only filter incoming traffic, but not outgoing traffic.
- DSM firewall does not support MAC address filtering function.
- When signing in to DSM services via QuickConnect, the QuickConnect mechanism may prevent the firewall from filtering traffic. Disable the QuickConnect service on your DSM to prevent this.
- Firewall rules are prioritized based on their order in the firewall rule list.
- Firewall rules may not work properly if multiple network ports are connected to the same subnet.
- If you combine multiple LAN ports with link aggregation, the firewall will only apply the rules of the first network interface.
- If you want to connect your Synology NAS to the Internet via PPPoE, you must configure related firewall rules on the corresponding PPPoE interface.