A firewall lets you control the network traffic going to and from your cluster or instance.

You can create a firewall by going to the Manage > Firewall section in your account.

Once you click on create firewall, you can enter the firewall name and choose the network it belongs to. You can choose either the Default network or one of the networks created in the network section. (Read more about networks).

Create new firewall dialog

We have chosen to create the firewall in the default network and given Demo as a name.

Now that the firewall is created, we need to add rules to it.

Drop-down on firewall actions showing "rules" and "delete"

All ports are closed for custom firewalls by default. You’ll need to specifically open the ports you require.

Let's only open port 22 for now.

Firewall rule dialog showing TCP port 22 opened

Creating an instance using the custom firewall

When creating a new compute instance, select the network and firewall you require.

Instance creation dialog

SSH into the instance and install nginx to serve HTTP traffic:

Terminal SSH connection to an instance, with a command to install nginx

Try to access the public IP of the instance, and you will see the connection is not allowed:

"Safari can't open page" message shown when accessing the instance

Now, create a rule for port 80 to allow HTTP traffic:

Adding a Civo firewall rule to open TCP port 80 on our instance

This time when we access the public IP of our instance, we can see nginx running.

"Welcome to nginx" page shown when accessing our instance with port 80 opened

This is how you can control the traffic using custom firewalls. Be aware that unless you open a port on a custom firewall, all traffic to your instance using that port will be dropped.