Forge allows you to manage your server's firewall as well as configure which servers can connect to other servers via the Network management panel within your server's management dashboard.
Manually Managing Rules
If you manually create a
ufw rule on your server, this will not be reflected in the Forge dashboard. Forge is only aware of rules created via the Forge dashboard.
Server networks make it painless to use a connected server as a separate database, cache, or queue server. For a server to be connected to an internal network, it must:
Once you have granted access from one server to another, you may access the other server via its private IP address.
You can configure and manage your firewall from within the Forge dashboard via the Network tab on the server's management dashboard. Firewalls are used to open ports on your server to the Internet. For example, when using FTP you may need to open port
For added security, you can restrict opened ports to specific IP addresses.
When creating new firewall rules, you may supply a range of ports to open (
8000:8010), which will open every port from
You may select whether to allow or deny the traffic that matches a given rule. By creating a
deny rule, you will be preventing traffic from reaching the service.
Deny Rules Run First
deny rules work correctly, they are added at a higher priority than
allow rules. Each new
deny rule for IPv4 addresses will be added above any existing
deny rules. UFW does not currently support IPv6 rules at first priority.
As part of the provisioning process, Forge will automatically configure three rules:
You should note that although incoming traffic is allowed on port 22 for SSH connections, SSH connections that do not use an SSH key are not accepted. Therefore, it is not possible to brute force an SSH connection to your server. You should never delete the rule that allows SSH traffic to your server; otherwise, Forge will be unable to connect to or manage your server.
If you have deleted the firewall rule (typically port 22) from the Forge UI or directly on the server, Forge will be unable to connect to the server and will be unable to re-create this rule for you.
To fix this, you will need to access the server directly via your provider and manually add the SSH port again. DigitalOcean allows you to connect remotely through their dashboard.
ufw for the firewall, so once you've connected to the server you need to run the following as
ufw allow 22
You may grant a circle member authority to manage the server's network by granting the