Create a Cloud Firewall

  1. Log in to Cloud Manager and select Firewalls from the navigation menu.

  2. From the Firewalls listing page, click on the Create Firewall link.

  3. The Create Firewall drawer appears with the configuration options needed to add a Firewall.

  4. Select the option to create a Custom Firewall or create a firewall From a Template. Templates are available for VPC and public Linode interfaces (BETA) and come with some pre-configured rules.

  5. Configure your Firewall with the required fields:

    Custom Firewall

      • Label: The label is used as an identifier for this Cloud Firewall. Required.

      • Default Inbound Policy: The default behavior for inbound traffic is set to Drop, which blocks all unsolicited inbound traffic unless explicitly allowed by other rules.

      • Default Outbound Policy: The default behavior for outbound traffic is set to Accept, which allows all outbound traffic unless explicitly denied by other rules.

        Note. Outbound firewall rules do not apply to NodeBalancers.

      • Linodes: The Linode(s) and interfaces on which to apply the firewall. A list of all Linodes on your account is visible. You can skip this configuration if you do not yet wish to apply the firewall to a Linode.

        For Linodes using Configuration Profile network interfaces, firewalls are assigned at the Linode level, and the same firewall rules apply to all non-VLAN interfaces in the profile.

        For Linodes using Linode network interfaces (BETA), separate firewalls can be assigned to individual interfaces. To assign firewalls to Linode Interfaces, see Apply firewalls.

      • NodeBalancers: The NodeBalancer(s) on which to apply the firewall. A list of all NodeBalancers on your account is visible. You may skip this configuration if you do not yet wish to apply the firewall to a NodeBalancer. Note that outbound firewall rules do not apply to NodeBalancers.

    From a Template (BETA)

      • Label: The label is used as an identifier for this Cloud Firewall. Required.

      • Firewall Template: Customizable templates are available for both VPC and public Linode Interfaces. Each comes with pre-configured firewall rules to help you get started.

        Note. For improved security, narrow the allowed IPv4 and IPv6 ranges in the Allow Inbound SSH Sources rule. See Manage Cloud Firewall rules.

        VPC Template. The rule set is a starting point for VPC Linode Interfaces. It allows SSH access, essential networking control traffic, and inbound traffic from the VPC address space.

        Public Template. The rule set is a starting point for Public Linode Interfaces. It allows SSH access and essential networking control traffic.

      • Default Inbound Policy: The default behavior for inbound traffic is set to Drop, which blocks all unsolicited inbound traffic unless explicitly allowed by other rules.

      • Default Outbound Policy: The default behavior for outbound traffic is set to Accept, which allows all outbound traffic unless explicitly denied by other rules.

  6. Click on the Create Firewall button to finish creating your Cloud Firewall. Firewalls can be further customized; see Manage Cloud Firewall rules.

NodeBalancer Firewalls

If you add a Cloud Firewall to a NodeBalancer, the inbound rules apply only to the NodeBalancer's public IP address and not to the IPs of the back-end nodes (Linodes) assigned to the NodeBalancer. This means that the IPs of the back-end nodes may still be exposed to the public internet. As a best practice, you can protect the IPs of the individual Linodes by:

  • Adding the individual instances to the same Cloud Firewall as the NodeBalancer
  • Adding the individual instances to a new Cloud Firewall
  • Manually configuring internal firewall rules on the instances

See Comparing Cloud Firewalls to Linux firewall software to help determine which solution is best for your use case.
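
The two notes above (narrowing the Allow Inbound SSH Sources rule, and NodeBalancer back ends that the NodeBalancer's firewall does not cover) can be checked against an exported configuration. The following is an added example, not part of the original guide or of Linode's tooling; it assumes firewall data shaped like the Linode API v4 firewall object, and all labels, IDs and the `NODEBALANCER_BACKENDS` mapping are constructed.

```python
import ipaddress

# Constructed sample data. The field layout is assumed to match the Linode
# API v4 firewall object; every label and ID below is made up.
ANY = {"ipv4": ["0.0.0.0/0"], "ipv6": ["::/0"]}
FIREWALLS = [{
    "label": "web-nb-fw",
    "linodes": [101], "nodebalancers": [9001],  # devices the firewall is applied to
    "rules": {
        "inbound_policy": "DROP", "outbound_policy": "ACCEPT",
        "inbound": [
            {"label": "allow-inbound-ssh-sources", "action": "ACCEPT",
             "protocol": "TCP", "ports": "22", "addresses": ANY},
            {"label": "allow-https", "action": "ACCEPT",
             "protocol": "TCP", "ports": "443", "addresses": ANY},
        ]},
}]
NODEBALANCER_BACKENDS = {9001: [101, 102]}  # NodeBalancer ID -> back-end Linode IDs


def covers_port(spec, port):
    """True if a ports string such as "22", "22,443" or "20-25" includes port."""
    if not spec:  # assumption: a TCP rule with no ports listed matches all ports
        return True
    ranges = (p.strip().partition("-") for p in spec.split(","))
    return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in ranges)


def audit(firewalls, nb_backends):
    """Return sorted (subject, finding) pairs for the two notes on this page."""
    findings = set()
    protected = {lid for fw in firewalls for lid in fw.get("linodes", [])}
    for fw in firewalls:
        if fw["rules"].get("inbound_policy") != "DROP":
            findings.add((fw["label"], "default inbound policy is not DROP"))
        for rule in fw["rules"].get("inbound", []):
            if (rule["action"], rule["protocol"]) != ("ACCEPT", "TCP") or \
                    not covers_port(rule.get("ports"), 22):
                continue
            addrs = rule.get("addresses", {})
            for cidr in addrs.get("ipv4", []) + addrs.get("ipv6", []):
                # Prefix length 0 means "any source", the range the note says to narrow.
                if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                    findings.add((fw["label"], f"SSH open to {cidr} in {rule['label']}"))
        for nb in fw.get("nodebalancers", []):
            for lid in set(nb_backends.get(nb, [])) - protected:
                findings.add((f"linode {lid}", f"back end of NodeBalancer {nb} has no Cloud Firewall"))
    return sorted(findings)
```

A back end reported here may still be protected by firewall rules configured on the instance itself, the third option listed above, which this check cannot see.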