Firewalls are cloud components that protect your Web Servers from unauthorised access. They offer you a layer of protection in front of your Web Server. You can add rules to allow or deny network traffic for your instances.

Bunnyshell creates a unique firewall component for each Web Server you create. You cannot share firewalls with multiple Web Servers.

Updating Firewall rules

To update your Server Firewall rules go to Web Server View and click on the Firewall tab.




Choose from pre existing rules that determine

the Protocol and default Port for common services


Choose between TCP and UDP.

If you are unsure test with TCP first

Port Range

You can specify a specific port or

port range <start_port>-<stop_port>


Any -> Allow access to that Protocol and Port to the Internet

My IP -> Populate Source Address Prefix with your IP

CIDR block -> Specify IP address ranges in CIDR notation

Source Address Prefix

Specify a source address to allow traffic

*Use a /32 ending to specify a single IP address:


Allow or Deny access


A unique name for your rule

Best practices

  • Describing your firewall rules will help you know who has access to your Servers and can help in security audits and periodic security cleanups.

  • Never make database ports and ssh ports publicly accessible. The Internet is a wild place!

  • Always add the least access that satisfies your need. Adding 10 rules for 10 IP addresses is better than adding a rule allowing an entire network address.

  • You can safely add access to your entire subnet address but consider using separate subnets for stage and production environments.

  • Don't give public access to your staging Servers. You may have debugger plugins activated which can allow viewing of sensitive data.

  • Changing default ports may increase your security on publicly accessible ports, but not making them accessible in the first place is even better! 🎉

Default Firewall Rules

By default, when you create a Web Server, Bunnyshell creates some firewall rules depending on the installed packages.

The SSH allow rule on port 22 is added by default for your IP.

When you provision a server with web servers, the 80 and 443 ports are publicly accessible.