The dynamic firewall app allows an administrator to generate and implement very specific, time-based, firewall rules triggered off events.

For example, rather than opening up ports for SSH, OpenVPN or the Syncthing admin panel to the entire Internet, the Dynamic Firewall app can be configured to open these ports after a user authenticates via the ClearOS admin panel (ideally, using two-factor) from the source IP of the user logging on.

In short, this app allows you to reduce your network's exposure while still providing essential services to remote users.


From the Marketplace

Install from web interface (in the Network section), like all the other apps: Dynamic Firewall app for ClearOS


yum install app-firewall-dynamic

How to access

In the ClearOS admin panel, navigate to "Network -> Firewall -> Firewall Dynamic".

Protected apps

  • SSH
  • OpenVPN
  • Syncthing (per user)

On roadmap

  • phpMyAdmin
  • Openfire admin panel
  • Kimchi admin panel (8001)


  • Tiki, presumably via generic port 80 / 81 protection like htpasswd
  • Elasticsearch : Adminer is protected via Webconfig?
  • FusionPBX
  • Kimchi virtual machines