Guide
Training

Create a Cloud Firewall

Suggest Edits

  1. Log in to Cloud Manager and select Firewalls from the navigation menu.

  2. From the Firewalls listing page, click on the Create Firewall link.

  3. The Create Firewall drawer appears with the configuration options needed to add a Firewall. Configure your Firewall with the required fields:

    ConfigurationDescription
    LabelThe label is used as an identifier for this Cloud Firewall. Required.
    LinodesThe Compute Instance(s) on which to apply the firewall. A list of all Compute Instance on your account are visible. You can skip this configuration if you do not yet wish to apply the firewall to a Compute Instance.
    NodeBalancersThe NodeBalancer(s) on which to apply the firewall. A list of all NodeBalancers on your account are visible. You may skip this configuration if you do not yet wish to apply the firewall to a NodeBalancer. Note that outbound firewall rules do not apply to NodeBalancers.

  4. Click on the Create Firewall button to finish creating your Cloud Firewall. By default, a new Cloud Firewall accepts all inbound and outbound connections. Custom rules can be added as needed. See Manage Cloud Firewall rules.

    Click on the Create button to create your Firewall.

📘

If you add a Cloud Firewall to a NodeBalancer, the inbound rules only apply to NodeBalancer’s public IP address and not the IPs of the back-end nodes (Compute Instances) assigned to the NodeBalancer. This means that the IPs of the back-end nodes may still be exposed to the public internet. As a best practice, you can protect the IPs of the individual Compute Instances by:

  • Adding the individual instances to the same Cloud Firewall as the NodeBalancer
  • Adding the individual instances to a new Cloud Firewall
  • Manually configuring internal firewall rules on the instances

See Comparing Cloud Firewalls to Linux firewall software to help determine which solution is best for your use case.

Updated about 1 month ago