This service is responsible for controlling CERN firewall rules, and for coordinated handling of all requests for firewall openings. By default, CERN firewall blocks all connections from outside to inside CERN, except for servers and ports which are specifically agreed and allowed (open).
Please also note that ports can be open on CERN firewall for justified cases of professional need. Before you request a port opening on CERN firewall, you must also:
<ul><li>put your server in its final configuration, ready for production;</li><li>ensure that software updates will be applied automatically;</li><li>disable all non-essential network services on your server;</li><li>secure the remaining, essential network services;</li><li>ensure that your server will not be used for controls (preferably it should only allow read access).</li></ul>