A firewall controls incoming and outgoing traffic based on predefined security rules. Typically it establishes a barrier between a trusted (internal) network and an untrusted external network, like the Internet.
At Scaleway, you can use security groups. Security groups let you create rules that either drop or allow incoming traffic from or to certain ports of your server.
It is possible to configure a security group using the following configuration utilities:
For more information, you can refer to our Network FAQ.
Requirements:
- You have an account and are logged into console.scaleway.com
- You have configured your SSH Key
1. In the Compute section of the side menu, click Instances. The virtual instances list displays.
2. Click the Security Group tab to enter the security group configuration:
3. Hover over the + button and click Create a Security Group.
4. The security group creation page displays.
Fill in the following information for your security group:
5. Click Create a new security group to add the newly created group to your security group configuration.
By default, security groups are stateful. To configure a stateless security group, uncheck the corresponding box on the security groups overview page:
The security group configuration is based on a set of inbound and outbound rules.
By default, a new security group is empty, with the exception of rules for outbound SMTP connections. These connections are blocked by default for security reasons.
Tick the Enable SMTP box to disable these rules and to be able to send outgoing emails from your instance.
Add a new rule as follows:
- Drop to drop connections that match the rule or Accept to accept these connections.
- TCP, UDP or ICMP.
- If the All Ports box is ticked, the rule applies to all ports.

Note: Security group rules are processed in order. This means you must allow connections to certain ports before denying connections to any other port.
1. In the Security Group tab, click the security group you want to edit, or use the dropdown menu on the right … > More info:
2. The security group details display:
In the Overview section, you can:
In the Instances section, you can:
In the Rules section, you can:
1. Generate an API key from your Scaleway console, if you do not have one yet.
2. Define a SCW_TOKEN variable from your token ID:
export SCW_TOKEN='token_uuid'
3. Retrieve your organization ID through the API (https://www.scaleway.com/en/docs/scaleway-organizations/#-Retrieving-your-Organization-ID). Replace the $ACCESS_KEY and $SECRET_KEY values with your generated access key and secret key, respectively.
% curl https://account.scaleway.com/tokens/$ACCESS_KEY -H "X-Auth-Token: $SECRET_KEY"
{
"token": {
-> "organization_id": "000a115d-2852-4b0a-9ce8-47f1134ba95a",
...
}
}
In the above example, the organization ID is 000a115d-2852-4b0a-9ce8-47f1134ba95a.
4. Depending on your instance location, you can use the base URL https://cp-par1.scaleway.com or https://cp-ams1.scaleway.com
5. Retrieve your security group.
curl 'https://api.scaleway.com/instance/v1/zones/fr-par-1/security_groups' -H "x-auth-token: $SECRET_KEY" | jq
6. Create a new security group
curl 'https://api.scaleway.com/instance/v1/zones/fr-par-1/security_groups' -H "x-auth-token: $SECRET_KEY" -H 'Content-Type: application/json;charset=utf-8' --data '{"organization":"717ff161-41a6-4458-b4f8-e6d07d7d9562","name":"New group","description":"new"}' | jq
7. Set the stateful option on the security group
curl 'https://api.scaleway.com/instance/v1/zones/fr-par-1/security_groups/2d9674a0-15f2-496e-a296-b16c98ba88ee' -X PUT -H "x-auth-token: $SECRET_KEY" -H 'Content-Type: application/json;charset=utf-8' --data '{"stateful":true}' | jq
8. Set inbound default policy to drop
curl 'https://api.scaleway.com/instance/v1/zones/fr-par-1/security_groups/2d9674a0-15f2-496e-a296-b16c98ba88ee' -X PUT -H "x-auth-token: $SECRET_KEY" -H 'Content-Type: application/json;charset=utf-8' --data '{"inbound_default_policy":"drop"}' | jq
9. Set outbound default policy to drop
curl 'https://api.scaleway.com/instance/v1/zones/fr-par-1/security_groups/2d9674a0-15f2-496e-a296-b16c98ba88ee' -X PUT -H "x-auth-token: $SECRET_KEY" -H 'Content-Type: application/json;charset=utf-8' --data '{"outbound_default_policy":"drop"}' | jq
10. Set outbound default policy to accept
curl 'https://api.scaleway.com/instance/v1/zones/fr-par-1/security_groups/2d9674a0-15f2-496e-a296-b16c98ba88ee' -X PUT -H "x-auth-token: $SECRET_KEY" -H 'Content-Type: application/json;charset=utf-8' --data '{"outbound_default_policy":"accept"}' | jq
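
The note on rule order and the default policy settings in steps 8 to 10 interact, and the following added example (not part of the original page and not Scaleway's code) shows how, including a check for rules that an earlier rule makes unreachable. It assumes a simplified first-match model with the default policy as fallback; the rule fields, helper names and IP ranges are constructed for the illustration and are not the API schema.

```python
# Simplified model (assumption): rules are checked top to bottom, the first
# match decides, and the default policy applies when nothing matches.
# Rule fields below are constructed for this example, not the API schema.
from ipaddress import ip_address, ip_network

def matches(rule, proto, port, src):
    """True if a packet (proto, dest port, source IP) falls under the rule."""
    lo, hi = rule["ports"] or (0, 65535)        # None means "All Ports"
    return (rule["protocol"] == proto and lo <= port <= hi
            and ip_address(src) in ip_network(rule["ip_range"]))

def decide(rules, default_policy, proto, port, src):
    """Return 'accept' or 'drop' for one inbound packet."""
    for rule in rules:
        if matches(rule, proto, port, src):
            return rule["action"]
    return default_policy

def shadowed(rules):
    """Indexes of rules that can never match because an earlier rule
    with the same protocol covers their whole port range and IP range."""
    hidden = []
    for i, later in enumerate(rules):
        l_lo, l_hi = later["ports"] or (0, 65535)
        for earlier in rules[:i]:
            e_lo, e_hi = earlier["ports"] or (0, 65535)
            if (earlier["protocol"] == later["protocol"]
                    and e_lo <= l_lo and l_hi <= e_hi
                    and ip_network(later["ip_range"]).subnet_of(
                        ip_network(earlier["ip_range"]))):
                hidden.append(i)
                break
    return hidden

# Constructed rule sets: the same two rules in a different order.
DROP_ALL_TCP = {"action": "drop", "protocol": "TCP", "ports": None,
                "ip_range": "0.0.0.0/0"}
ALLOW_SSH = {"action": "accept", "protocol": "TCP", "ports": (22, 22),
             "ip_range": "203.0.113.0/24"}
WRONG_ORDER = [DROP_ALL_TCP, ALLOW_SSH]
RIGHT_ORDER = [ALLOW_SSH, DROP_ALL_TCP]

if __name__ == "__main__":
    for name, rules in (("wrong", WRONG_ORDER), ("right", RIGHT_ORDER)):
        print(name, decide(rules, "drop", "TCP", 22, "203.0.113.7"),
              shadowed(rules))
```

Running a rule list through `shadowed` before applying it catches an accept rule that sits behind a broader drop rule, which would otherwise only show up as an unreachable service.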