Firewall Rulesets

A Firewall Ruleset is your primary layer of defense. It acts as a virtual shield that controls exactly what traffic is allowed to enter or leave your services.


What is a Firewall?

Unlike a traditional physical firewall, these rulesets are applied directly to the virtual network interfaces of your resources. This means that security travels with the resource. Even if two Virtual Machines are on the same network, they cannot talk to each other unless you explicitly allow it in a Firewall Ruleset.


How it Works

The platform uses a Default Deny model for security:

  • Everything is blocked by default: Unless you create a rule to allow specific traffic, nothing gets in.
  • Rules are selective: You define rules based on the Protocol (TCP, UDP, ICMP), the Port (e.g., 80 for Web, 22 for SSH), and the Source/Destination (where the traffic is coming from or going to).
  • Inbound vs. Outbound: You can separately control traffic coming into your service (Ingress) and traffic leaving your service (Egress).

Interactions

Firewalls are applied at the point of connection:

  • Virtual Machines: When you attach a VM to a network, you select which Firewall Rulesets should protect that specific connection. You can apply multiple rulesets to a single interface.
  • Networks: While networks provide isolation, firewalls provide the granular "who-can-talk-to-whom" logic within or across those networks.
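
The default-deny evaluation described above, modelled in Python as an added example (this is not the platform's own code or API). The `Rule` fields, the sample rulesets and addresses, and the assumption that several rulesets on one interface combine as a union of allow rules with default deny in both directions are illustrative.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    """Hypothetical allow rule; the field names are assumptions, not platform syntax."""
    direction: str        # "ingress" or "egress"
    protocol: str         # "tcp", "udp" or "icmp"
    port: Optional[int]   # None = no port to match (ICMP) or any port
    remote: str           # CIDR: the source for ingress, the destination for egress

def is_allowed(rulesets, direction, protocol, port, remote_ip):
    """Default deny: traffic passes only if a rule in an attached ruleset matches."""
    addr = ip_address(remote_ip)
    for ruleset in rulesets:          # assumed: attached rulesets are additive
        for rule in ruleset:
            if (rule.direction == direction
                    and rule.protocol == protocol
                    and (rule.port is None or rule.port == port)
                    and addr in ip_network(rule.remote)):
                return True
    return False                      # no rule matched, so the traffic is blocked

# Constructed sample rulesets (documentation address ranges).
WEB = [Rule("ingress", "tcp", 80, "0.0.0.0/0")]
ADMIN_SSH = [Rule("ingress", "tcp", 22, "203.0.113.0/24")]

# One VM interface with both rulesets attached.
INTERFACE = [WEB, ADMIN_SSH]

if __name__ == "__main__":
    checks = [
        ("ingress", "tcp", 80, "198.51.100.7"),   # web from anywhere
        ("ingress", "tcp", 22, "198.51.100.7"),   # SSH from outside the admin range
        ("ingress", "tcp", 22, "203.0.113.10"),   # SSH from the admin range
        ("ingress", "tcp", 5432, "10.0.0.12"),    # neighbour VM on the same network
        ("egress", "tcp", 80, "198.51.100.7"),    # ingress rule does not cover egress
    ]
    for check in checks:
        verdict = "allow" if is_allowed(INTERFACE, *check) else "deny"
        print(verdict, *check)
```

The fourth check is the case the page calls out: a VM on the same network is still blocked until a rule names that traffic.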