Gcore Cloud services use specific IP addresses for outbound (egress) traffic. The API returns both IPv4 and IPv6 address ranges in CIDR notation. If your infrastructure restricts incoming connections by source IP, add these ranges to your allowlist.
When to allowlist Cloud IPs
Add Cloud egress IP ranges to your allowlist in these scenarios:
| Scenario | Description |
|---|
| Image and asset delivery | Cloud downloads images or assets from your infrastructure when creating resources. Add egress ranges to your firewall or object storage allowlist so Cloud can fetch files. |
| Webhooks and push integrations | Cloud pushes events to your listener endpoint when you subscribe to the user-actions event log. Allowlist these ranges to accept traffic only from Cloud. |
| AMQP messaging | Cloud connects to your AMQP message brokers when you subscribe to user-action logs via AMQP. Allowlist these ranges to receive event messages. |
| Security and audit | Use these ranges in SIEM rules or audit tools to verify that traffic originates from Gcore Cloud. |
Retrieve egress IP ranges
Fetch the current list of Cloud egress IP ranges using the public API endpoint. This endpoint requires no authentication.
Request
curl -i -X GET https://api.gcore.com/cloud/public/v1/ipranges/egress
Response
The response contains an array of CIDR blocks covering all Gcore Cloud regions:
{
"ranges": [
"192.0.2.0/24",
"198.51.100.0/24",
"2001:db8::/32"
]
}
SDK examples
The Gcore SDKs provide typed methods to retrieve egress IP ranges without manually constructing HTTP requests.
from gcore import Gcore
client = Gcore()
ip_ranges = client.cloud.ip_ranges.list()
print(ip_ranges.ranges)
package main
import (
"context"
"fmt"
"github.com/G-Core/gcore-go"
"github.com/G-Core/gcore-go/option"
)
func main() {
client := gcore.NewClient(
option.WithAPIKey("My API Key"),
)
ipRanges, err := client.Cloud.IPRanges.List(context.TODO())
if err != nil {
panic(err.Error())
}
fmt.Printf("%+v\n", ipRanges.Ranges)
}
Automate allowlist updates
Gcore continuously expands its network. New IP ranges are added to the list before new infrastructure goes online.
To prevent service disruptions, automate your allowlist updates:
#!/bin/bash
# Fetch Cloud egress IPs and update firewall rules
EGRESS_IPS=$(curl -s https://api.gcore.com/cloud/public/v1/ipranges/egress | jq -r '.ranges[]')
for ip in $EGRESS_IPS; do
# Add to your firewall/security group
# Example: iptables -A INPUT -s $ip -j ACCEPT
echo "Allowing: $ip"
done
If you fail to add a new IP range to your allowlist, Cloud cannot reach your systems from infrastructure using that range. Run your update script on a schedule (for example, hourly via cron).
