Manage your firewall rules

info

Crusoe Cloud is currently in private beta. If you do not currently have access, please request access to continue.

Creating a new firewall rule

CLI

Use the networking firewall-rules create command to create a firewall rule. As an example, you can create a firewall rule to allow HTTPS serving:

crusoe networking vpc-firewall-rules create \
  --name allow-https \
  --action ALLOW \
  --destination-ports 443 \
  --destinations 172.27.0.12 \ 
  --protocols tcp,udp \
  --source-ports * \
  --sources 0.0.0.0/0 \
  --vpc-network-id NETWORK_ID

UI

In order to create a firewall rule via the Crusoe Cloud console:

• Visit the Crusoe Cloud console
• Click the "Network" tab in the left nav
• Click the "Add Rule" button
• Add the required information
• Click the "Create" button

Terraform

Creating Firewall rules is fundamental to Crusoe Cloud for various reasons, including security and access control to and from your VM. The following is intended to help get you started in using Terraform to provision Firewall rules and attach the firewall rules to a VM in Crusoe Cloud.

Copy and paste the code below in a text-editor of your choice and name the file main.tf. The example below creates a Firewall rule:

terraform {
  required_providers {
    crusoe = {
      source  = "registry.terraform.io/crusoecloud/crusoe"
    }
  }
}

resource "crusoe_vpc_firewall_rule" "open_fw_rule" {
  network           = "9999999y-d1bb-4e19-9bdc-1fc38392f18x" // VPC network ID
  name              = "example-terraform-rule" // Name of Firewall rule
  action            = "allow"
  direction         = "ingress"
  protocols         = "tcp"
  source            = "0.0.0.0/0"
  source_ports      = "1-65535"
  destination       = "0.0.0.0/0"
  destination_ports = "1-65535"
}

network, name, action, direction, protocols, source, source_ports, destination, destination_ports are required arguments.

network is the VPC network ID, which can be found by running crusoe networking vpc-networks list and copying and pasting the UUID.

name is the name of the firewall rule.

action is the action of the rule, right now “allow” is the only action.

direction is the direction you want traffic to go, right now “ingress” is the only direction.

protocols is what protocol is filtered, the options are tcp, udp, or icmp.

source is the IP (or IPs) that traffic is “coming from”.

source_ports are the Port (or Ports) that traffic is “coming from”.

destination is the IP (or IPs) that traffic is “heading to”. Use private IP address for destination VMs (as opposed to public IP).

destination_ports are the Port (or Ports) that traffic is “heading to”.

After saving the code to a main.tf file, the following commands serve as the process to create a resource in Crusoe Cloud using Terraform:

terraform init - Initializes a working directory containing Terraform configuration files.

terraform plan - the output of this command will show the resources Terraform plans on creating.

terraform apply - this command will create the resources.

Viewing all existing firewall rules

CLI

Use the networking vpc-firewall-rules list command to list all existing firewall rules.

crusoe networking vpc-firewall-rules list

UI

In order to view firewall rules via the Crusoe Cloud console:

• Visit the Crusoe Cloud console
• Click the "Network" tab in the left nav

Terraform

It is currently not possible to view firewall rules in the Crusoe Terraform provider.

Update an existing firewall rule.

CLI

Use the networking vpc-firewall-rules update RULE_ID command to modify an existing firewall rule. Specify the resource ID of the rule you wish to update along with the fields to be modified.

crusoe networking vpc-firewall-rules update RULE_ID \
  --name allow-https-v2 \
  --destination-ports 443 \
  --destinations 172.27.1.12 \
  --protocols TCP,UDP \
  --vpc-network-id NETWORK_ID

UI

To update an existing firewall rule via the console:

• Visit the Crusoe Cloud console
• Click the "Network" tab in the left nav
• Navigate to the row of the firewall rule you wish to update
• Click the pencil icon on the far right side of the row
• Edit the fields you wish to modify
• Click on the "Update" button to save your changes

Terraform

terraform {
  required_providers {
    crusoe = {
      source  = "registry.terraform.io/crusoecloud/crusoe"
    }
  }
}

resource "crusoe_vpc_firewall_rule" "open_fw_rule" {
  network           = "9999999y-d1bb-4e19-9bdc-1fc38392f18x" // VPC network ID
  name              = "example-terraform-rule" // Name of Firewall rule
  action            = "allow"
  direction         = "ingress"
  protocols         = "tcp"
  source            = "0.0.0.0/0"
  source_ports      = "1-65535"
  destination       = "0.0.0.0/0"
  destination_ports = "80" // only open HTTP port 80
}

After making any changes, save the code and then perform the following commands:

terraform plan - the output of this command will show the resources Terraform plans on creating.

terraform apply - this command will create the resources.

Deleting a firewall rule

info

Warning: deleting a firewall rule is a permanant action that will require re-creation of the rule to recover.

CLI

Use the networking firewall-rules delete command to delete a specific firewall rule:

crusoe networking vpc-firewall-rules delete --name RULE_NAME

UI

In order to delete a firewall rule via the Crusoe Cloud console:

• Visit the Crusoe Cloud console
• Click the "Network" tab in the left nav
• Navigate to the row of the firewall rule you wish to delete
• Click the trash can icon on the far right side of the row
• Confirm deletion

Terraform

A firewall rule can be deleted by using the terraform destroy command provided by the Terraform CLI tool.

If you are having issues creating or deleting firewall rules, please contact support.