Skip to main content

Introduction

Laravel Forge provides comprehensive network management capabilities. This includes firewall configuration and server-to-server connectivity management, allowing you to control traffic flow and establish secure connections between your infrastructure components.
Manually created ufw rules on your server won’t appear in the Laravel Forge dashboard. Forge only displays and manages rules created through its interface.

Managing server networks and firewalls

Server networks

Server networks simplify the process of connecting servers for dedicated database, cache, or queue functionality. To establish internal network connections, servers must meet these requirements:
  • Created by the same server provider
  • Using identical server provider credentials
  • Owned by the same user account
  • Located within the same geographical region and VPC
Once network access is granted between servers, you can connect using private IP addresses for secure, high-performance internal communication.

Firewall management

Laravel Forge provides complete firewall control, allowing you to open specific ports to internet traffic. Common use cases include opening port 21 for FTP services or custom application ports.

Creating firewall rules

To create a firewall rule, navigate to your server’s settings page and click the “Network” tab. Then, click the “Add rule” button. Configure the rule by specifying the port or port range, type, and optionally restrict access to specific IP addresses. Click the “Create rule” button to apply the new firewall configuration. When creating rules, you can specify port ranges using the format 8000:8010 to open multiple consecutive ports, or provide multiple IP addresses as a comma-separated list for enhanced security.

Deleting firewall rules

To delete a firewall rule, navigate to your server’s “Network” tab. Then, click on the dropdown next to the rule you want to remove. Click the “Delete” dropdown item and confirm the deletion. Warning: Never delete the SSH rule (typically port 22) as this will prevent Laravel Forge from connecting to and managing your server.

Enhanced security options

You can restrict port access to specific IP addresses for additional security. The “From IP Address” field accepts multiple addresses as a comma-separated list: 192.168.1.1,192.168.1.2,192.168.1.3.

Allow and deny rules

Configure traffic permissions by selecting allow or deny actions for each rule. Deny rules prevent matching traffic from reaching services and are automatically prioritized above allow rules for proper security enforcement.
New IPv4 deny rules are positioned above existing deny rules for optimal priority handling. IPv6 rules currently don’t support first-priority positioning in UFW.

Default firewall configuration

Laravel Forge automatically configures essential firewall rules during server provisioning:
  • SSH: Port 22 access from any IP address
  • HTTP: Port 80 access from any IP address
  • HTTPS: Port 443 access from any IP address
While port 22 remains open for SSH connections, only SSH key-based authentication is accepted, preventing brute force attacks. Never delete the SSH rule—doing so will break Forge’s ability to connect to and manage your server. Mail ports (25, 465, 587) are blocked by default on Laravel VPS servers to prevent abuse. If you need to send email from your server, use an HTTP / API based service like Resend, or contact Laravel Forge support to request these ports be unblocked.

Recovering from deleted SSH rules

If you accidentally delete the SSH firewall rule (typically port 22), Forge loses server connectivity and cannot restore the rule automatically. To resolve this issue:
  1. Access your server directly through your cloud provider’s console (such as DigitalOcean’s remote access feature)
  2. Connect as the root user
  3. Restore SSH access by running: ufw allow 22
This will re-establish Forge’s connection capability to your server.
I