A firewall lets you control the incoming and outgoing network traffic from your cluster or instance.
You can create a firewall by going to the Manage > Firewall section in your account.
Once you click on create firewall, you can enter the firewall name and choose the network it belongs to. You can either choose the Default network or one of the networks created over in the network section. (Read more about networks).
We have chosen to create the firewall in the default network and given
Demo as a name.
Now once the firewall is created we need to add rules to it.
All ports are closed for custom firewalls by default. You’ll need to specifically open the ports you require.
Let's only open port 22 for now.
Creating an instance using the custom firewall
When creating a new compute instance, select the network and firewall you require.
SSH into the instance and install nginx to serve HTTP traffic:
Try to access the public IP of the instance, and you will see the connection is not allowed:
Now, create a rule for port 80 to allow HTTP traffic:
This time when we access the public IP of our instance, we can see nginx running.
This is how you can control the traffic using custom firewalls. Be aware that unless you open a port on a custom firewall, all traffic to your instance using that port will be dropped.