Firewall Configuration

Last updated 20 February 2026

Overview

AFRICLOUD provides a cloud firewall that filters traffic before it reaches your server. It operates at the network level and is separate from any software firewall (such as ufw or iptables) running on the server itself.

Default Behaviour

By default, all inbound traffic is allowed. You can create firewall rules to restrict access to specific ports and IP ranges.

Creating Rules

  1. Go to Networking → Firewalls in the dashboard.
  2. Click Create Firewall.
  3. Give it a name (e.g., "Web Server Rules").
  4. Add inbound rules. Each rule specifies:
    • Protocol — TCP, UDP, or ICMP
    • Port range — single port (e.g., 22) or range (e.g., 8000-9000)
    • Source — any IP, a specific IP, or a CIDR range
  5. Apply the firewall to one or more servers.

Common Configurations

Web Server

  • TCP 22 (SSH) — from your IP only
  • TCP 80 (HTTP) — from any
  • TCP 443 (HTTPS) — from any

Database Server

  • TCP 22 (SSH) — from your IP only
  • TCP 3306 (MySQL) — from your application server IP only

Best Practices

  • Always restrict SSH (port 22) to known IP addresses or use SSH keys.
  • Use the cloud firewall in addition to a software firewall on the server for defence in depth.
  • Review your rules regularly and remove any that are no longer needed.
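
The regular review recommended above can be scripted. This is an added example, not AFRICLOUD code: it assumes the rules have been copied by hand into (protocol, port range, source) tuples, because this page does not describe an export format. The function names and sample rules are constructed for illustration, and it goes slightly beyond the configurations above by also catching port ranges that cover SSH or MySQL.

```python
import ipaddress

# Ports this page says to limit to known sources (SSH, MySQL).
RESTRICTED = {22: "SSH", 3306: "MySQL"}

def parse_ports(spec):
    """Turn '22' into (22, 22) and '8000-9000' into (8000, 9000)."""
    low, _, high = spec.partition("-")
    low, high = int(low), int(high or low)
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"bad port range: {spec!r}")
    return low, high

def is_any_source(source):
    """True for 'any' and for zero-length prefixes such as 0.0.0.0/0 or ::/0."""
    if source.strip().lower() == "any":
        return True
    return ipaddress.ip_network(source.strip(), strict=False).prefixlen == 0

def audit(rules):
    """Return (rule_index, port, service) for each restricted port open to any source."""
    findings = []
    for index, (protocol, ports, source) in enumerate(rules):
        if protocol.upper() != "TCP" or not is_any_source(source):
            continue  # SSH and MySQL are TCP; ICMP rules carry no port
        low, high = parse_ports(ports)
        for port, service in sorted(RESTRICTED.items()):
            if low <= port <= high:
                findings.append((index, port, service))
    return findings

# Constructed sample rule set (documentation addresses, not real hosts).
SAMPLE_RULES = [
    ("TCP", "22", "203.0.113.10"),      # SSH from one known IP: fine
    ("TCP", "80", "any"),               # HTTP from any: expected on a web server
    ("TCP", "443", "any"),
    ("TCP", "3000-4000", "0.0.0.0/0"),  # range silently covers MySQL 3306
    ("tcp", "22", "::/0"),              # SSH open to every IPv6 source
    ("ICMP", None, "any"),
]

if __name__ == "__main__":
    for index, port, service in audit(SAMPLE_RULES):
        print(f"rule {index}: {service} (TCP {port}) is reachable from any source")
```

Rule indexes in the output are zero-based positions in the list you pass in.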