Firewalls are cloud components that protect your Web Servers from unauthorised access. They offer you a layer of protection in front of your Web Server. You can add rules to allow or deny network traffic for your instances.
Bunnyshell creates a unique firewall component for each Web Server you create. You cannot share firewalls with multiple Web Servers.
To update your Server Firewall rules go to Web Server View and click on the Firewall tab.
Choose from pre existing rules that determine
the Protocol and default Port for common services
Choose between TCP and UDP.
If you are unsure test with TCP first
You can specify a specific port or
port range <start_port>-<stop_port>
Any -> Allow access to that Protocol and Port to the Internet
My IP -> Populate Source Address Prefix with your IP
CIDR block -> Specify IP address ranges in CIDR notation
Source Address Prefix
Specify a source address to allow traffic
*Use a /32 ending to specify a single IP address: 192.168.0.1/32
Allow or Deny access
A unique name for your rule
Describing your firewall rules will help you know who has access to your Servers and can help in security audits and periodic security cleanups.
⚠ Never make database ports and ssh ports publicly accessible. The Internet is a wild place!
Always add the least access that satisfies your need. Adding 10 rules for 10 IP addresses is better than adding a rule allowing an entire network address.
You can safely add access to your entire subnet address but consider using separate subnets for stage and production environments.
Don't give public access to your staging Servers. You may have debugger plugins activated which can allow viewing of sensitive data.
Changing default ports may increase your security on publicly accessible ports, but not making them accessible in the first place is even better! 🎉
By default, when you create a Web Server, Bunnyshell creates some firewall rules depending on the installed packages.
The SSH allow rule on port 22 is added by default for your IP.
When you provision a server with web servers, the 80 and 443 ports are publicly accessible.