# Firewall

In this section you can easily manage your firewall rules from the cloud platform.

<figure><img src="/files/nlHEsuoLHvAsjbn6GS8v" alt=""><figcaption></figcaption></figure>

By default, we do not add any rules to newly provisioned VPSs. However the firewall does come enabled out of the box. This is important to understand as you will not be able to access the VPS remotely before altering the firewall rules. We provision these machines locked-down from the start with the default rules blocking everything inbound and allowing everything outbound. Blacklisted ports are listed under [Restricted Ports](/services/vps-hosting/restricted-ports.md).

<figure><img src="/files/DUOgLua28xJk0FcEKKZl" alt=""><figcaption><p>Default firewall configuration for newly provisioned VPS service. This allows everything out and drops everything coming in.</p></figcaption></figure>

If for example you would like to enable remote SSH access (which you should), you would have to add a rule allowing you to do so.&#x20;

{% hint style="warning" %}
Users have the ability to disable the firewall or adjust the inbound firewall policy to quickly obtain remote access, however we strongly recommend you practice good security hygiene and only allow in what you need.
{% endhint %}

## Configuring Firewall Rules

You can customize your rules by selecting the "Add new rule" button.

<figure><img src="/files/PHMDHMcxjooHdUqUPkvZ" alt=""><figcaption></figcaption></figure>

We already have some preloaded firewall rule macros. If you don't see the macro you need, then you can manually set the rule yourself.

### Examples

* Scenario 1: Use a macro to allow SSH connections from my home IP address (i.e. 123.123.123.123).
* Scenario 2: Make a custom firewall rule to allow web traffic on port 3000.
* Scenario 3: Whitelist a single IP to any port on the firewall

#### Scenario 1

<figure><img src="/files/cmfsNuA7alv6OUJQvvpA" alt=""><figcaption><p>This configuration will only allow users from 123.123.123.123 to access the SSH service on port 22.</p></figcaption></figure>

#### Scenario 2

<figure><img src="/files/nabNnKvuT8bC1sPKHPI1" alt=""><figcaption><p>This configuration allows any IP to access port 3000 over TCP connections on your machine.</p></figcaption></figure>

#### Scenario 3

<figure><img src="/files/MIkYqVS8n0iXVmN2v7JO" alt=""><figcaption><p>This configuration allows IP 123.123.123.123 to access any port on your machine.</p></figcaption></figure>

In almost every scenario you encounter, you will likely not ever need to supply a source port. So leave that blank unless you know exactly what you are doing.

{% hint style="info" %}
There are a lot of protocol options in the dropdown. You should only ever be using the first three: TCP, UDP, or ICMP. If you need to open up a the firewall over UDP and TCP then you will have to make two separate rules for each protocol.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.solanavibestation.com/services/vps-hosting/managing-your-service/firewall.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.