So, as it was partly shown above, CirrusGrid provides a pretty easy-to-use and powerful GUI to manage container firewall directly via the dashboard.
1. To access the appropriate control panel, click the Settings button next to the required environment and switch to the Firewall section within the opened tab.

Select the Inbound Rules tab and click on the Add button (obviously, to manage external container traffic, you need to choose the Outbound Rules tab instead; herewith, all rule parameters are similar to the ones described below).
2. In the opened Add Inbound Rules form you can configure a new condition for the incoming requests’ processing by a container.

To deny a connection from a particular IP (according to our suggested use case example), fill in the fields as follows:
- Nodes – chose a container to restrict access to (tomcat in our case)
- Name – input any desired rule name (e.g. my-rule)
- Protocol – select a required protocol (TCP)
- Port Range – deny access to all ports by leaving this field blank
- Source – choose the Custom IP Address(es) option and type the necessary IP in the appeared IP Address Range field (111.111.111.111)
- Priority – set the appropriate priority for this record (e.g. 900 to be applied before the default rules)
- Action – select the Deny option
Click Add to save and automatically apply your rule.
3. Now, when trying to connect to your node from the specified 111.111.111.111 IP address, a user will be shown the following page:
This way you can deny access to your containers from any IP address.