{"id":504561,"date":"2025-04-09T08:09:58","date_gmt":"2025-04-09T06:09:58","guid":{"rendered":"https:\/\/hexabyte.se\/?post_type=kb&#038;p=504561"},"modified":"2025-04-09T08:10:51","modified_gmt":"2025-04-09T06:10:51","slug":"firewall","status":"publish","type":"kb","link":"https:\/\/hexabyte.se\/en\/kb\/firewall\/","title":{"rendered":"Firewall rules in Hexabyte Cloud"},"content":{"rendered":"<p>In Hexabyte Cloud, each instance (also called <a href=\"https:\/\/hexabyte.se\/en\/vps\/\">VPS<\/a>) have its own firewall that controls what traffic is allowed to and from the server.&nbsp;<strong>The firewall function can be either active or inactive<\/strong>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Active firewall:<\/strong>&nbsp;Traffic is filtered according to your specified rules.<\/li>\n\n\n\n<li><strong>Inactive firewall:<\/strong>&nbsp;All traffic is allowed through \u2013 no rules are applied.<\/li>\n<\/ul>\n\n\n\n<p>You can see if the firewall is active directly in the instance&#039;s&nbsp;<strong>Firewall<\/strong>-Tab.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What is a firewall rule?<\/h2>\n\n\n\n<p>A firewall rule is an instruction that determines whether certain network traffic should be allowed or blocked, based on:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Direction:<\/strong>\n<ul class=\"wp-block-list\">\n<li><strong>Ingress<\/strong>&nbsp;\u2013 incoming traffic&nbsp;<em>to<\/em>&nbsp;the server.<\/li>\n\n\n\n<li><strong>Egress<\/strong>&nbsp;\u2013 outgoing traffic&nbsp;<em>from<\/em>&nbsp;the server.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Source<\/strong>&nbsp;\u2013 The IP address or network where the traffic comes from.<\/li>\n\n\n\n<li><strong>Destination (goal)<\/strong>&nbsp;\u2013 The IP address or network the traffic is destined for.<\/li>\n\n\n\n<li><strong>Source port \/ Destination port<\/strong>&nbsp;\u2013 which ports are used in communication (e.g. port 22 for SSH).<\/li>\n\n\n\n<li><strong>Protocol<\/strong>&nbsp;\u2013 for example TCP, UDP, ICMP4\/ICMP6 (for ping), or&nbsp;<code>any<\/code>&nbsp;for all protocols.<\/li>\n\n\n\n<li><strong>Action<\/strong>&nbsp;\u2013&nbsp;<code>allow<\/code>&nbsp;to allow or&nbsp;<code>reject<\/code>&nbsp;to block traffic.<\/li>\n\n\n\n<li><strong>State<\/strong>&nbsp;\u2013&nbsp;<code>enabled<\/code>&nbsp;or&nbsp;<code>disabled<\/code>&nbsp;to enable\/disable the rule without deleting it.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">How the interface works<\/h2>\n\n\n\n<p>In the Firewall tab for your instance, you can see all active rules. When you add or edit a rule, you&#039;ll fill in fields such as:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Protocol<\/strong>,&nbsp;<strong>Source<\/strong>,&nbsp;<strong>Gate<\/strong>,&nbsp;<strong>Destination<\/strong>,&nbsp;<strong>Description<\/strong>&nbsp;etc.<\/li>\n\n\n\n<li>You can specify specific IP addresses, port numbers, or use&nbsp;<code>any<\/code>&nbsp;to allow\/block everything.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Examples of common rules<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Allow SSH (for login via terminal)<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Direction<\/th><th>Protocol<\/th><th>Destination port<\/th><th>Description<\/th><\/tr><\/thead><tbody><tr><td>Ingress<\/td><td>TCP<\/td><td>22<\/td><td>Allow SSH to server<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Allow HTTP and HTTPS (for web server)<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Direction<\/th><th>Protocol<\/th><th>Destination port<\/th><th>Description<\/th><\/tr><\/thead><tbody><tr><td>Ingress<\/td><td>TCP<\/td><td>80, 443<\/td><td>Allow HTTP\/HTTPS<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Allow ping (ICMP)<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Direction<\/th><th>Protocol<\/th><th>Description<\/th><\/tr><\/thead><tbody><tr><td>Ingress<\/td><td>ICMP4<\/td><td>Allow ping via IPv4<\/td><\/tr><tr><td>Ingress<\/td><td>ICMP6<\/td><td>Allow ping via IPv6<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Allow all outbound traffic<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Direction<\/th><th>Protocol<\/th><th>Description<\/th><\/tr><\/thead><tbody><tr><td>Egress<\/td><td>Any<\/td><td>Allow all outgoing traffic<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Restrict traffic to a specific IP address<\/h2>\n\n\n\n<p>You can use&nbsp;<strong>Source<\/strong>field to only allow traffic from a specific IP address. This is especially useful when you want to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Protect SSH so that only you (or your office) can log in.<\/li>\n\n\n\n<li>Allow access to an API service only from trusted sources.<\/li>\n\n\n\n<li>Minimize the risk of intrusion by limiting unnecessary exposure.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Example: Allow only your IP for SSH<\/h3>\n\n\n\n<p>If your IP address is&nbsp;<code>203.0.113.45<\/code>:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Direction<\/th><th>Protocol<\/th><th>Destination port<\/th><th>Source<\/th><th>Description<\/th><\/tr><\/thead><tbody><tr><td>Ingress<\/td><td>TCP<\/td><td>22<\/td><td>203.0.113.45<\/td><td>Allow SSH from my IP<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>You can also use CIDR format (e.g.&nbsp;<code>203.0.113.0\/24<\/code>) if you want to allow an entire network.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Tip<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Remember that the order does not matter, the system automatically sorts the rules when you press save.<\/li>\n\n\n\n<li>Leaving fields empty (any) means that anything in that field is allowed.<\/li>\n\n\n\n<li>There is an automatic&nbsp;<em>default policy<\/em>&nbsp;at the bottom \u2013 when traffic that does not match any previous rule, the traffic is rejected.<\/li>\n\n\n\n<li>Remember to click&nbsp;<strong>Save<\/strong>&nbsp;when you added or changed rules.<\/li>\n<\/ul>","protected":false},"parent":0,"menu_order":0,"template":"","class_list":["post-504561","kb","type-kb","status-publish","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Brandv\u00e4ggsregler i Hexabyte Cloud<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hexabyte.se\/en\/kb\/firewall\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Brandv\u00e4ggsregler i Hexabyte Cloud\" \/>\n<meta property=\"og:description\" content=\"I Hexabyte Cloud kan varje instans (\u00e4ven kallad VPS) ha en egen brandv\u00e4gg som styr vilken trafik som till\u00e5ts till och fr\u00e5n servern.&nbsp;Brandv\u00e4ggsfunktionen kan vara antingen aktiv eller inaktiv: Du ser om brandv\u00e4ggen \u00e4r aktiv direkt i instansens&nbsp;Firewall-flik. Vad \u00e4r en brandv\u00e4ggsregel? En brandv\u00e4ggsregel \u00e4r en instruktion som best\u00e4mmer om viss n\u00e4tverkstrafik ska till\u00e5tas eller [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hexabyte.se\/en\/kb\/firewall\/\" \/>\n<meta property=\"og:site_name\" content=\"Hexabyte\" \/>\n<meta property=\"article:modified_time\" content=\"2025-04-09T06:10:51+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hexabyte.se\\\/kb\\\/firewall\\\/\",\"url\":\"https:\\\/\\\/hexabyte.se\\\/kb\\\/firewall\\\/\",\"name\":\"Brandv\u00e4ggsregler i Hexabyte Cloud\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hexabyte.se\\\/#website\"},\"datePublished\":\"2025-04-09T06:09:58+00:00\",\"dateModified\":\"2025-04-09T06:10:51+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hexabyte.se\\\/kb\\\/firewall\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hexabyte.se\\\/kb\\\/firewall\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hexabyte.se\\\/kb\\\/firewall\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Hem\",\"item\":\"https:\\\/\\\/hexabyte.se\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Kunskapsbank\",\"item\":\"https:\\\/\\\/hexabyte.se\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Brandv\u00e4ggsregler i Hexabyte Cloud\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hexabyte.se\\\/#website\",\"url\":\"https:\\\/\\\/hexabyte.se\\\/\",\"name\":\"Hexabyte\",\"description\":\"Serverl\u00f6sningar\",\"publisher\":{\"@id\":\"https:\\\/\\\/hexabyte.se\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hexabyte.se\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hexabyte.se\\\/#organization\",\"name\":\"Hexabyte AB\",\"url\":\"https:\\\/\\\/hexabyte.se\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hexabyte.se\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hexabyte.se\\\/wp-content\\\/uploads\\\/2023\\\/12\\\/hexabyte-clear.svg\",\"contentUrl\":\"https:\\\/\\\/hexabyte.se\\\/wp-content\\\/uploads\\\/2023\\\/12\\\/hexabyte-clear.svg\",\"width\":318,\"height\":57,\"caption\":\"Hexabyte AB\"},\"image\":{\"@id\":\"https:\\\/\\\/hexabyte.se\\\/#\\\/schema\\\/logo\\\/image\\\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Firewall rules in Hexabyte Cloud","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hexabyte.se\/en\/kb\/firewall\/","og_locale":"en_US","og_type":"article","og_title":"Brandv\u00e4ggsregler i Hexabyte Cloud","og_description":"I Hexabyte Cloud kan varje instans (\u00e4ven kallad VPS) ha en egen brandv\u00e4gg som styr vilken trafik som till\u00e5ts till och fr\u00e5n servern.&nbsp;Brandv\u00e4ggsfunktionen kan vara antingen aktiv eller inaktiv: Du ser om brandv\u00e4ggen \u00e4r aktiv direkt i instansens&nbsp;Firewall-flik. Vad \u00e4r en brandv\u00e4ggsregel? En brandv\u00e4ggsregel \u00e4r en instruktion som best\u00e4mmer om viss n\u00e4tverkstrafik ska till\u00e5tas eller [&hellip;]","og_url":"https:\/\/hexabyte.se\/en\/kb\/firewall\/","og_site_name":"Hexabyte","article_modified_time":"2025-04-09T06:10:51+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/hexabyte.se\/kb\/firewall\/","url":"https:\/\/hexabyte.se\/kb\/firewall\/","name":"Firewall rules in Hexabyte Cloud","isPartOf":{"@id":"https:\/\/hexabyte.se\/#website"},"datePublished":"2025-04-09T06:09:58+00:00","dateModified":"2025-04-09T06:10:51+00:00","breadcrumb":{"@id":"https:\/\/hexabyte.se\/kb\/firewall\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hexabyte.se\/kb\/firewall\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hexabyte.se\/kb\/firewall\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Hem","item":"https:\/\/hexabyte.se\/"},{"@type":"ListItem","position":2,"name":"Kunskapsbank","item":"https:\/\/hexabyte.se\/kb\/"},{"@type":"ListItem","position":3,"name":"Brandv\u00e4ggsregler i Hexabyte Cloud"}]},{"@type":"WebSite","@id":"https:\/\/hexabyte.se\/#website","url":"https:\/\/hexabyte.se\/","name":"Hexabytes","description":"Server solutions","publisher":{"@id":"https:\/\/hexabyte.se\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hexabyte.se\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hexabyte.se\/#organization","name":"Hexabyte AB","url":"https:\/\/hexabyte.se\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hexabyte.se\/#\/schema\/logo\/image\/","url":"https:\/\/hexabyte.se\/wp-content\/uploads\/2023\/12\/hexabyte-clear.svg","contentUrl":"https:\/\/hexabyte.se\/wp-content\/uploads\/2023\/12\/hexabyte-clear.svg","width":318,"height":57,"caption":"Hexabyte AB"},"image":{"@id":"https:\/\/hexabyte.se\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/hexabyte.se\/en\/wp-json\/wp\/v2\/kb\/504561","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hexabyte.se\/en\/wp-json\/wp\/v2\/kb"}],"about":[{"href":"https:\/\/hexabyte.se\/en\/wp-json\/wp\/v2\/types\/kb"}],"wp:attachment":[{"href":"https:\/\/hexabyte.se\/en\/wp-json\/wp\/v2\/media?parent=504561"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}