API
The Gcore Customer Portal is being updated. Screenshots may not show the current version.
Edge Cloud
Edge Cloud
Overview
Overview
Activate and manage you eSIMGetting online in China
Troubleshooting
Account types and permissionsPackagesQuality of Service
Billing
Quotas
Create a project
User rolesAdd a userManage accessView user actions
Cost reports
About Resource reservation
Types of Virtual MachinesCreateCustomize initial setupCheck the statusEnable root user
Connect via Customer Portal
Configure and manage SSH keysConvert an SSH key to PPK formatEstablish SSH connection to a Virtual Machine
OverviewConfigure
OverviewCreate and configure
Monitor
Take a snapshot of your file systemSet up automatic snapshots
SSH connection
About Bare Metal serversCreate a Bare Metal serverConnect to your Bare Metal server via SSH
SSH connection
About Advanced DDoS Protection for Bare MetalActivate Advanced DDoS Protection for Bare Metal
OverviewUpload
NetworkSubnetworkRouter
Floating IP addressReserved IP addressVirtual IP addressDifference between virtual, floating, and reserved IP addressesAllowed address pair
Create Load BalancerAdd TLS certificates to a Load BalancerConfigure mutual TLS authenticationManage Load BalancersLoggingAnnotations
Firewall
OverviewConfigure
OverviewBare Metal support
Create
SSH connectionkubectl
Secure cluster with OpenID Connect
OverviewChange limitsCreate and configure a poolAdvanced autoscaler settingsConfigure GPU autoscaling for Kubernetes
Add users with limited rights to a Kubernetes cluster
Monitor load on a specific node
OverviewInstall nginx ControllerUse nginx Controller
Create a PVC and bind it to a podConfigure NFS CSI driver for Kubernetes
Annotations for Load Balancers
Manage PostgreSQL serversBackup and restore
Upload a PKCS12 file
Function as a ServiceAuthenticate to functions with API keysFunction examples
Create a containerDeploy via GitHub actionsManage containers
Create a Container RegistryManage Container Registries
OverviewConfigure
FilebeatFluent BitFluentdLogstash
Prometheus exporterView logs in Grafana with OpenSearch plugin
Terraform
Set up a mailing server
API
Chosen image
Home/Edge Cloud/Networking/Firewall

Add and configure a firewall

A firewall is a network security device used to protect servers from network threats. The firewall monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. You can set rules for all connections except port 25 for outbound traffic as it is blocked by default.

If you use a Load Balancer and your Virtual Machine is in a pool, configure its firewall by opening ports for receiving and transmitting data to the Load Balancer. For more information, refer to our guide "Create and configure a Load Balancer".

Create a firewall

If you don’t create your custom firewall, the default firewall will be used.

1. Open a window to create a firewall. You can do in two ways:

  • In the Cloud menu, go to Networking > Firewalls > Create firewall.
Firewalls
  • When you’re creating a Virtual Machine, find the Firewall settings section, select Add a Firewall.

 

2. Give your firewall a name. 

3. Set Inbound rules which would define the allowed incoming traffic.
Click New rule and select one of the template rules or choose Custom to apply custom settings.

  • Template rules (All TCP/all UDP/SSH/HTTP/HTTPS/MySQL/DNS UPD/DNS TCP/postgreSQL): template rules come with pre-configured protocols and ports for typical connections 
  • Custom rule: if you select a custom rule, specify the protocol and port manually.
Inbound rule

For Sources, set a specific IP address range in the CIDR format. Otherwise, the rule will be applied to all IP addresses. 

4. Set the Outbound rules which would define the allowed outgoing traffic.

Please note that by default, outbound traffic over port 25 (TCP/UDP) is restricted, while all other outbound ports are open.

Click New rule and select one of the template rules or choose Custom to apply custom settings.

  • Template rules (All TCP/all UDP/SSH/HTTP/HTTPS/MySQL/DNS UPD/DNS TCP/postgreSQL): template rules come with pre-configured protocols and ports for typical connections 
  • Custom rule: If you select a custom rule, specify the protocol and port manually.
Custom rule

For Sources, set a specific IP address range in the CIDR format. Otherwise, the rule will be applied to all IP addresses. 

5. (optional) Apply a firewall to a Virtual Machine by selecting it in the Apply to Instance drop-down list.

6. (optional) Add tags by switching on the Add tags toggle in the Additional options section and specifying headers and tags. 

7. Click Create firewall.

Use the default firewall

If you don't specify which firewall to apply to your Virtual Machine, the default firewall will be applied.

The default firewall contains inbound rules, which allow the following traffic for IPv6 as for IPv4 addresses:

  • SSH connections over TCP protocol on port 22

  • Remote Desktop Protocol (RDP) connections over TCP and UDP protocols on port 3389.

  • Internet Control Message Protocol (ICMP) is allowed.

All outgoing connections are allowed.

Manage a firewall

Add, change and delete rules

1. Go to the Networking tab > Firewalls.

2. Find the required firewall, click the ⋯ menu on the right and select Rules.

Firewalls

Assign to a Virtual Machine and detach from it

1. Go to the Networking tab > Firewalls.

2. Find the required firewall, click the ⋯ menu on the right and select Instances.

Firewalls

Delete a firewall

You can’t delete a default firewall.

1. Go to the Networking tab > Firewalls.

2. Find the required firewall, click the ⋯ menu on the right and select Delete.

Delete a firewall

Was this article helpful?

Not a Gcore user yet?

Discover our offerings, including virtual instances starting from 3.7 euro/mo, bare metal servers, AI Infrastructure, load balancers, Managed Kubernetes, Function as a Service, and Centralized Logging solutions.

Go to the product page
Edit on GitHub