Firewall

Firewalls are cloud components that protect your Servers from unauthorised access. They offer you a layer of protection in front of your Server. You can add rules to allow or deny network traffic for your instances.

Bunnyshell creates a unique firewall component for each Server you create. You cannot share firewalls with multiple Servers.

Updating Firewall rules

To update your Server Firewall rules, go to Server View and click on the Firewall tab.

| Field | Meaning |
|---|---|
| Service | Choose from pre-existing rules that determine the Protocol and default Port for common services. |
| Protocol | Choose between TCP and UDP. If you are unsure, test with TCP first. |
| Port Range | You can specify a single port or a port range: <start_port>-<stop_port> |
| Source | Any -> Allow access to that Protocol and Port from the Internet; My IP -> Populate Source Address Prefix with your IP; CIDR block -> Specify IP address ranges in CIDR notation |
| Source Address Prefix | Specify a source address to allow traffic. Use a /32 ending to specify a single IP address: 192.168.0.1/32 |
| Action | Allow or Deny access |
| Name | A unique name for your rule |

Best practices

  • Describing your firewall rules will help you know who has access to your Servers and can help in security audits and periodic security cleanups.

  • Never make database ports and SSH ports publicly accessible. The Internet is a wild place!

  • Always add the least access that satisfies your need. Adding 10 rules for 10 IP addresses is better than adding a rule allowing an entire network address.

  • You can safely add access to your entire subnet address but consider using separate subnets for stage and production environments.

  • Don't give public access to your staging Servers. You may have debugger plugins activated which can allow viewing of sensitive data.

  • Changing default ports may increase your security on publicly accessible ports, but not making them accessible in the first place is even better! 🎉
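An added example, not Bunnyshell code: a small audit that checks a list of firewall rules against the practices above (no public SSH or database ports, least access, named rules). The rule dictionaries and their field names are assumptions modelled on the form fields on this page, and the list of sensitive ports is an illustrative choice.

```python
import ipaddress

# Assumed sensitive ports (SSH plus common database defaults); adjust to your stack.
SENSITIVE_PORTS = {22: "SSH", 3306: "MySQL", 5432: "PostgreSQL", 6379: "Redis", 27017: "MongoDB"}

def parse_port_range(text):
    """Parse '443' or '<start_port>-<stop_port>' into an inclusive (start, stop) pair."""
    start, _, stop = text.partition("-")
    lo, hi = int(start), int(stop or start)
    if not 0 < lo <= hi <= 65535:
        raise ValueError(f"invalid port range: {text!r}")
    return lo, hi

def audit_rule(rule, max_hosts=1):
    """Return findings for one rule; Deny rules and clean rules return an empty list."""
    if rule["action"].lower() != "allow":
        return []
    findings = []
    # Source "Any" on the form means the whole Internet.
    source = "0.0.0.0/0" if rule["source"] == "Any" else rule["source"]
    net = ipaddress.ip_network(source, strict=False)
    lo, hi = parse_port_range(rule["ports"])
    # A wide port range can expose a sensitive port without naming it.
    exposed = "/".join(n for p, n in sorted(SENSITIVE_PORTS.items()) if lo <= p <= hi)
    if exposed and net.prefixlen == 0:
        findings.append(f"{exposed} open to the Internet")
    elif exposed and net.num_addresses > max_hosts:
        findings.append(f"review: {exposed} open to {net.num_addresses} addresses ({net})")
    if not rule.get("name", "").strip():
        findings.append("rule has no descriptive name")
    return findings

def audit(rules):
    """Map rule index -> findings, for rules that have at least one finding."""
    return {i: f for i, r in enumerate(rules) if (f := audit_rule(r))}

# Constructed sample rules (hypothetical field names, not a Bunnyshell export format).
SAMPLE_RULES = [
    {"name": "office-ssh", "ports": "22", "source": "192.168.0.1/32", "action": "Allow"},
    {"name": "web", "ports": "443", "source": "Any", "action": "Allow"},
    {"name": "", "ports": "3000-4000", "source": "Any", "action": "Allow"},
    {"name": "db-subnet", "ports": "5432", "source": "10.0.0.0/24", "action": "Allow"},
]

if __name__ == "__main__":
    for index, findings in audit(SAMPLE_RULES).items():
        print(SAMPLE_RULES[index]["name"] or "<unnamed>", "->", "; ".join(findings))
```

The subnet finding is reported as a review item rather than a violation, since subnet-wide access can be acceptable when stage and production use separate subnets.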

Default Firewall Rules

By default, when you create a Server, Bunnyshell creates some firewall rules depending on the installed packages.

The SSH allow rule on port 22 is added by default for your IP.

When you provision a server with web servers, the 80 and 443 ports are publicly accessible.