Scope
Rules apply to the entire cluster — every node gets the same rules. You can’t set rules per node.When you can edit
You can edit rules while the cluster is Active. Click Edit in the Firewall rules tab, change rules inline, then click Save to apply. While changes propagate, each row shows an Updating… indicator; this usually takes a few seconds to a few minutes. The team is notified by email when rules change.Rule fields
| Field | Notes |
|---|---|
| Type | A preset (SSH, HTTP, HTTPS, Custom TCP, Custom UDP, All traffic) that prefills the protocol and port |
| Protocol | Set by the Type preset (TCP, UDP, or All) |
| Port range | Single port (for example, 8080) or a range (for example, 8000-9000) |
| Source IP | IPv4 CIDR — required. Use My IP to fill in your current address |
| Description | Optional |
Default rule
When you first open the rule form, an SSH rule (TCP/22 from0.0.0.0/0) is prefilled as a starting point. You can keep it, edit it, or remove it before saving — there are no managed rules, and every rule is treated equally.
Rule policies
- No duplicates — a rule with the same protocol, port range, and source as an existing rule is rejected. Change any one of the three and it’s allowed.
- CIDR notation is required — even a single IP must use
/32(for example,10.0.0.1/32).
Status banners
A warning banner appears at the top of the Firewall rules tab when the current rule set could cause access problems. Each banner shows up automatically while the condition is true and disappears once it’s resolved.| When | Banner message |
|---|---|
Any rule uses source 0.0.0.0/0 | Rules with source of 0.0.0.0/0 allow all IP addresses to access your cluster. Consider limiting to specific IP addresses. |
| No SSH rule (TCP/22) exists | You do not have an SSH rule. Without one, you cannot access nodes through SSH. |