Security
Firewall
Control network traffic to and from your VMs with firewall rules.
Overview
Edge Network provides a software firewall for each VM. Rules are configured through the control panel and applied at the network edge, before traffic reaches your VM.
Inbound Rules
Control what traffic can reach your VM from the internet or other sources.
Outbound Rules
Control what traffic can leave your VM (all outbound allowed by default).
Default behavior: All inbound traffic is blocked except for SSH (port 22). All outbound traffic is allowed.
Accessing Firewall Settings
- Navigate to your VM in the control panel
- Click on the Firewall tab
- You'll see separate sections for inbound and outbound rules
Screenshot: Firewall tab with inbound and outbound rules
Creating Firewall Rules
Each firewall rule defines what traffic to allow or deny based on several criteria.
Rule Components
| Field | Description | Example |
|---|---|---|
| Protocol | TCP, UDP, or ICMP | TCP |
| Port(s) | Single port, range, or "All" | 80, 443, or 8000-9000 |
| Source/Destination | IP address, CIDR range, or "Any" | 0.0.0.0/0 (any), 192.168.1.0/24 |
| Action | Allow or Deny | Allow |
Adding a Rule
- Click Add Rule in the Inbound or Outbound section
- Select the protocol (TCP, UDP, or ICMP)
- Enter the port or port range
- Specify the source (for inbound) or destination (for outbound)
- Choose Allow or Deny
- Click Save Rule
Screenshot: Add firewall rule modal
Common Firewall Rules
Here are example rules for common use cases:
Web Server (HTTP/HTTPS)
| Protocol | Port | Source | Action |
|---|---|---|---|
| TCP | 80 | 0.0.0.0/0 (Any) | Allow |
| TCP | 443 | 0.0.0.0/0 (Any) | Allow |
SSH (Restricted to Your IP)
This is more secure than allowing SSH from anywhere.
| Protocol | Port | Source | Action |
|---|---|---|---|
| TCP | 22 | YOUR_IP/32 | Allow |
Database (Private Network Only)
Allow database connections only from your private network.
| Protocol | Port | Source | Action |
|---|---|---|---|
| TCP | 5432 (PostgreSQL) | 10.185.0.0/24 | Allow |
Allow Ping (ICMP)
| Protocol | Type | Source | Action |
|---|---|---|---|
| ICMP | Echo Request | 0.0.0.0/0 (Any) | Allow |
Rule Order and Priority
Firewall rules are evaluated in order from top to bottom. The first matching rule determines the action taken.
Important: More specific rules should be placed before general rules. A "deny all" rule at the top would block everything, because the rules below it would never be evaluated.
You can reorder rules by dragging and dropping them in the firewall interface.
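The sketch below models first-match evaluation and flags rules that can never fire because an earlier rule already covers them. It is an added example, not Edge Network code: the `Rule` tuple, the function names, and the "deny" fallback when nothing matches are assumptions, and the addresses are constructed samples from documentation ranges.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):           # hypothetical model of one rule row
    protocol: str                 # "tcp", "udp" or "icmp"
    ports: Optional[range]        # None stands for "All"
    source: str                   # CIDR; 0.0.0.0/0 stands for "Any"
    action: str                   # "allow" or "deny"

def covers(a: Rule, b: Rule) -> bool:
    """True if every packet that matches b also matches a."""
    if a.protocol != b.protocol:
        return False
    if a.ports is not None:
        if b.ports is None:
            return False
        if b.ports.start < a.ports.start or b.ports.stop > a.ports.stop:
            return False
    return ipaddress.ip_network(b.source).subnet_of(ipaddress.ip_network(a.source))

def evaluate(rules, protocol, port, src_ip, default="deny"):
    """Walk the list top to bottom; the first matching rule decides."""
    probe = Rule(protocol, range(port, port + 1), f"{src_ip}/32", "")
    for rule in rules:
        if covers(rule, probe):
            return rule.action
    return default                # assumed fallback when no rule matches

def shadowed(rules):
    """Indexes of rules fully covered by an earlier rule (they never fire)."""
    return [j for j, later in enumerate(rules)
            if any(covers(earlier, later) for earlier in rules[:j])]

# Constructed sample rule sets: same three rules, different order.
DENY_ALL = Rule("tcp", None, "0.0.0.0/0", "deny")
HTTPS = Rule("tcp", range(443, 444), "0.0.0.0/0", "allow")
SSH_ADMIN = Rule("tcp", range(22, 23), "203.0.113.7/32", "allow")

BAD_ORDER = [DENY_ALL, HTTPS, SSH_ADMIN]    # general rule first
GOOD_ORDER = [SSH_ADMIN, HTTPS, DENY_ALL]   # specific rules first

if __name__ == "__main__":
    for name, rules in (("bad", BAD_ORDER), ("good", GOOD_ORDER)):
        print(name, evaluate(rules, "tcp", 443, "198.51.100.9"), shadowed(rules))
```

A non-empty result from `shadowed` means the listed rules are dead and the order should be reviewed before relying on them.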
Best Practices
Principle of Least Privilege
Only open ports that your application needs. Close everything else.
Restrict SSH Access
Limit SSH to your IP address or a VPN range instead of allowing from anywhere.
Use Private Networks for Internal Services
Databases and other internal services should only be accessible via private networks.
Regularly Review Rules
Remove rules for services you no longer use.
Troubleshooting
Can't connect to my service
Check that you have an inbound rule allowing traffic on the correct port. Make sure the service is actually running on your VM (sudo netstat -tlnp).
Locked out of SSH
Use the VNC console in the control panel to access your VM and fix the firewall rules. The console works regardless of firewall settings.
Rules not taking effect
Firewall rules are applied immediately. If changes don't seem to work, check that you're connecting to the correct IP and that there's no caching involved.