You can configure custom firewall rules for your instances using the Firewall component of Civo CLI. These are freely configurable, however customers should be careful to not lock out their own access to their instances. By default, all ports are closed for custom firewalls.

Firewalls can be configured with rules, and they can be made to apply to your chosen instance(s) with subsequent commands.

Configuring a New Firewall

To create a new Firewall, use civo firewall create new_firewall_name:

$ civo firewall create civocli_demo
Created a firewall called civocli_demo with ID ab2a25d7-edd4-4ecd-95c4-58cb6bc402de

You will then be able to configure rules that allow connections to and from your instance by adding a new rule using civo firewall rule create firewall_id with the required and your choice of optional parameters, listed here and used in an example below:

-c, --cidr string Array  the CIDR of the rule you can use (e.g. -c,
-d, --direction string   the direction of the rule need to be ingress
-e, --endport string     the end port of the rule
-h, --help               help for create
-l, --label string       a string that will be the displayed as the name/reference for this rule
-p, --protocol string    the protocol choice (from: TCP, UDP, ICMP)
-s, --startport string   the start port of the rule

Example usage:

$ civo firewall rule create civocli_demo --startport=22 --direction=ingress --label='SSH access for CLI demo'
 New rule SSH access for CLI demo created

$ civo firewall rule list civocli_demo
| ID                                   | Direction | Protocol | Start Port | End Port | Cidr      | Label                   |
| 00270e70-0e1b-498e-9a21-9bcc65736811 | ingress   | tcp      |         22 |          | | SSH access for CLI demo |

You can see all active rules for a particular firewall by calling civo firewall rule firewall_id, where firewall_id is the UUID of your particular firewall.

Managing Firewalls

You can see an overview of your firewalls using civo firewall list showing you which firewalls have been configured with rules, and whether any of your instances are using a given firewall, such as in this case where the firewall we have just configured has the one rule, but no instances using it.

$ civo firewall list
| ID                                   | Name         | Total rules | Total Instances | Region |
| 232d91e9-1550-4c96-bcb6-e9dfecd3e9ee | civocli_demo |           4 |              3 | lon1   |

To configure an instance to use a particular firewall, see Instances/Setting firewalls elsewhere in this guide.

To get more detail about the specific rule(s) of a particular firewall, you can use civo firewall rule list firewall_id.

Deleting Firewall Rules and Firewalls

You can remove a firewall rule simply by calling civo firewall rule remove firewall_id rule_id - confirming the Firewall ID to delete a particular rule from - as follows:

$ civo firewall rule remove 09f8d85b-0cf1-4dcf-a472-ba247fb4be21 4070f87b-e6c6-4208-91c5-fc4bc72c1587
  Removed Firewall rule 4070f87b-e6c6-4208-91c5-fc4bc72c1587

$ civo firewall rule list 09f8d85b-0cf1-4dcf-a472-ba247fb4be21

Similarly, you can delete a firewall itself by calling civo firewall remove firewall_id:

$ civo firewall remove 09f8d85b-0cf1-4dcf-a472-ba247fb4be21
  Removed firewall 09f8d85b-0cf1-4dcf-a472-ba247fb4be21

$ civo firewall list