Virtual Firewalls for Every Instance
RamNode Cloud Firewall is built on OpenStack security groups: stateful, instance-level virtual firewalls that filter network traffic before it reaches your server. Included free with every Virtual Private Cloud.
What Is a Cloud Firewall?
A cloud firewall is a virtual firewall layer that sits between your cloud instances and the rest of the network. RamNode Cloud Firewall uses OpenStack security groups to control exactly which traffic can reach your instances and which traffic can leave them.
Because security groups are enforced at the cloud infrastructure level, they add an extra layer of defense on top of the operating system firewall inside the instance. They are also independent of the operating system: a misconfigured UFW or firewalld rule will not accidentally open a port that the security group has already closed.
What Can You Use Cloud Firewall For?
Any server that accepts network traffic can be hardened with security groups.
SSH Lockdown
Restrict port 22 to your office or home IP so only trusted administrators can access your instance remotely.
Web Server Protection
Allow HTTP and HTTPS traffic while closing every other inbound port that the application does not need.
Database Isolation
Expose a database port only to specific application instances, not to the entire public internet.
Internal Segmentation
Combine security groups with private networks to keep backend, cache, and API traffic off the public internet.
Service-Specific Ports
Open only the exact ports a service requires, such as SMTP for mail servers or custom ports for games and APIs.
Attack Surface Reduction
Reduce exposed ports and protocols to limit the impact of automated scans and brute-force attempts.
Why Use RamNode Cloud Firewall?
Included free with every VPC. Security groups are part of the RamNode Virtual Private Cloud. There is no extra charge for the firewall rules you create.
Stateful firewall. Return traffic is automatically allowed, so you do not need to write outbound rules for every response.
Allow-only rules. Security groups do not block traffic by default; they create explicit allow lists. Anything not explicitly allowed is denied.
Instance-level control. Apply different groups to different instances, or attach multiple groups to one instance for layered rules.
Works with private networks. Layer security groups on top of private networks and load balancers for defense in depth.
API and CLI control. Create rules and manage groups through the cloud control panel, OpenStack CLI, or infrastructure-as-code tools.
Cloud Firewall at a Glance
Cloud Firewall Is Included Free
Every RamNode Virtual Private Cloud includes OpenStack security groups at no extra charge. Create as many rules and groups as you need to lock down your instances.
Related Capabilities
Cloud Instances
The compute protected by your security groups. KVM virtual servers on OpenStack, starting at $4/mo.
Explore Cloud InstancesPrivate Networking
Isolate internal traffic between instances and layer security groups on top for defense in depth.
Learn about Private NetworkingLoad Balancers
Apply security groups to your load balancer and backends to control who can reach your public entry point.
Explore Load Balancers