Ask About Cloudron Firewall
-
Hi, I’d like to ask a question about the Firewall. What is the function of the Firewall in Cloudron?
For example, if an IP is blocked in the firewall, does it automatically prevent access to all applications installed on Cloudron?
Additionally, if someone attempts to access the SSH server and gets blocked by Fail2Ban, can we automatically add that IP address to Cloudron’s firewall?
I appreciate your time and attention.
Thank you.
Best regards.
-
@IniBudi said in Ask About Cloudron Firewall:
What is the function of the Firewall in Cloudron?
Its main function is to set up rate limits - https://docs.cloudron.io/security/#rate-limits . This prevents basic DoS and DDoS.
It also has basic blocklists and whitelisting of certain ports (for custom software) - https://docs.cloudron.io/networking/#firewall
For example, if an IP is blocked in the firewall, does it automatically prevent access to all applications installed on Cloudron?
Assuming you mean the blocklist feature, yes, it prevents access to all apps on Cloudron.
Additionally, if someone attempts to access the SSH server and gets blocked by Fail2Ban, can we automatically add that IP address to Cloudron’s firewall?
Cloudron doesn't use Fail2Ban but you can install it on your own if you like - https://docs.cloudron.io/security/#fail2ban . In general, Fail2Ban is not useful for SSH. Just configure your SSH to a) block root login, b) block password login and c) use strong EdDSA keys. See https://docs.cloudron.io/security/#securing-ssh-access . People can waste all their resources trying to access your server; you can just ignore them. The reality of the internet is that anyone can access your server.
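The three SSH points listed in the reply above, turned into an offline check. This is an added example, not part of the original post or of Cloudron; it assumes the lowercase `keyword value` output of `sshd -T` and a standard `authorized_keys` file, and the function names and sample lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Both functions read stdin so they can
# be run offline on saved output.

# Audit effective server settings in the "keyword value" form of `sshd -T`.
# Prints one FAIL line per weak setting; returns 1 if any were found.
audit_sshd_settings() {
  awk '
    { seen[tolower($1)] = tolower($2) }
    function need_no(key, required,   v) {
      v = (key in seen) ? seen[key] : "unset"
      if (v == "unset" && !required) return
      if (v != "no") { print "FAIL " key "=" v; bad++ }
    }
    END {
      need_no("permitrootlogin", 1)          # a) block root login
      need_no("passwordauthentication", 1)   # b) block password login
      # Keyboard-interactive (PAM) can still ask for a password. The keyword
      # name differs between OpenSSH versions, so check whichever is present.
      need_no("kbdinteractiveauthentication", 0)
      need_no("challengeresponseauthentication", 0)
      exit (bad > 0)
    }'
}

# Audit authorized_keys content for c): only Ed25519 (EdDSA) keys pass.
# Prints "FAIL line N: <type>" for any other key type; returns 1 if any.
audit_authorized_keys() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
      type = "unknown"
      # Options may precede the key: take the first field shaped like a key type.
      for (i = 1; i <= NF; i++)
        if ($i ~ /^(ssh-|ecdsa-sha2-|sk-)/) { type = $i; break }
      if (type != "ssh-ed25519" && type != "sk-ssh-ed25519@openssh.com") {
        print "FAIL line " NR ": " type; bad++
      }
    }
    END { exit (bad > 0) }'
}

# Constructed sample input (not taken from a real host).
printf '%s\n' 'permitrootlogin yes' 'passwordauthentication no' |
  audit_sshd_settings || echo "sshd settings need attention"
printf '%s\n' '# constructed keys' 'ssh-ed25519 AAAAexample admin@laptop' \
  'no-pty ssh-rsa AAAAexample old@desktop' |
  audit_authorized_keys || echo "non-EdDSA keys found"
```

On a live host the inputs would come from `sshd -T` (run as root) and from each account's `authorized_keys` file.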
-
Or don’t expose your SSH to the internet but e.g. require a WireGuard connection to access it locally… Isn’t that even safer?