Bunnyshell
Bunnyshell
Bunnyshell.com
Blog
Login/Register
Bunnyshell Documentation
Reference
DNS
Organizations
Web Servers
Getting Started
Web Server Settings
Web Server Components
Instance
Firewall
Virtual Network
Subnet
Disks
Load Balancer
Snapshots
Web Server Management
Web Server Operations
Applications
External Databases
Provisioning
Resources
Access management
Bunnyshell API
Guides
Accessing your Application
Getting Started
Linux HowTos
Databases
Server Maintenance
Troubleshooting
520 Errors when using CloudFlare Proxy
Troubleshoot Firewall Connection Issues
FAQ
Cloud Account
Servers FAQ
Applications
Provisioning FAQ
Old Docs
Old Docs
Powered by GitBook

Firewall

Firewalls are cloud components that protect your Web Servers from unauthorised access. They offer you a layer of protection in front of your Web Server. You can add rules to allow or deny network traffic for your instances.

Bunnyshell creates a unique firewall component for each Web Server you create. You cannot share firewalls with multiple Web Servers.

Updating Firewall rules

To update your Server Firewall rules go to Web Server View and click on the Firewall tab.

Field

Meaning

Service

Choose from pre existing rules that determine

the Protocol and default Port for common services

Protocol

Choose between TCP and UDP.

If you are unsure test with TCP first

Port Range

You can specify a specific port or

port range <start_port>-<stop_port>

Source

Any -> Allow access to that Protocol and Port to the Internet

My IP -> Populate Source Address Prefix with your IP

CIDR block -> Specify IP address ranges in CIDR notation​

Source Address Prefix

Specify a source address to allow traffic

*Use a /32 ending to specify a single IP address: 192.168.0.1/32

Action

Allow or Deny access

Name

A unique name for your rule

Best practices

  • Describing your firewall rules will help you know who has access to your Servers and can help in security audits and periodic security cleanups.

  • ​⚠ Never make database ports and ssh ports publicly accessible. The Internet is a wild place!

  • Always add the least access that satisfies your need. Adding 10 rules for 10 IP addresses is better than adding a rule allowing an entire network address.

  • You can safely add access to your entire subnet address but consider using separate subnets for stage and production environments.

  • Don't give public access to your staging Servers. You may have debugger plugins activated which can allow viewing of sensitive data.

  • Changing default ports may increase your security on publicly accessible ports, but not making them accessible in the first place is even better! 🎉

Default Firewall Rules

By default, when you create a Web Server, Bunnyshell creates some firewall rules depending on the installed packages.

The SSH allow rule on port 22 is added by default for your IP.

When you provision a server with web servers, the 80 and 443 ports are publicly accessible.

Previous
Instance
Next
Virtual Network
Last updated 8 months ago
Contents
Updating Firewall rules
Best practices
Default Firewall Rules