Protect server with firewall rules

By default, after a cloud server is created, it is placed into a system default firewall rule group.
The system default firewall group has the following built-in rules:
a) Inbound : allows SSH (TCP 22) and RDP (TCP 3389) from all
b) Outbound: allows all

If you want to protect administrative login access to your cloud server, you would create a new firewall rule group and then place the cloud server under that newly created firewall rule group.
The following illustrates the steps to create a new firewall rule group, create a firewall rule to allow SSH and then adding your cloud server into that group.

1. To manage firewall rule group and firewall rules, click on Services
2. On the left-hand side menu option, click on “MANAGE FIREWALL”
3. You would see the following

4. Click on “Create firewall rule group” to create a new one. Give it an appropriate group name.  Note that will not be able to change the group name after it is created.

5. Click on the newly created firewall rule group on the listing to go in and edit its rules.

A new firewall rule group has the following rules created for you:

Inbound: no rule i.e. all traffic will be blocked

Outbound: allow ICMP

Outbound: allow all UDP ports

Outbound: allow all TCP ports

6. To add an inbound rule to restrict administrative access to your server, click on “New Rule” and select SSH or RDP.

Enter the source IP or network address and save it.

Valid choices and format of the source specification are:

  • To specify all, use any or all
  • One specific IP, enter the IP address like
  • Multiple IPs, enter IP addresses separate by comma and without any space e.g.,
  • An IP range e.g.

Create multiple rules as need.

7. To move a cloud server into a firewall rule group, select “Manage Instances” for that firewall rule group.

Select a server from the list and click “Add”.

After adding, you would see the server appear the listing under the firewall rule group.

Related Articles