DigitalOcean

Report this

What is the reason for this report?
Question

Configuring Firewalls

Posted on June 20, 2017
Firewall
Ubuntu
Jimo

By Jimo

I’m running two servers, a Perforce Version Control server and a standard HTTP web server for a CMS, each on separate droplets.

I’m quite unsure what I should be setting for firewall rules on each of these. For the web server I’ve kept pretty much the defaults, inbound SSH on port 22 and all outbound TCP/UDP ports, but I’m really unsure what to do for the Perforce server which connects on 1666. I read this thread which just has me even more confused: https://forums.perforce.com/index.php?/topic/827-ports-to-open-on-firewall/

Any help would be appreciated!



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0
Jonathan Tittle
Jonathan TittleDigitalOcean Employee badge
June 20, 2017

Accepted Answer

@Jimo

If you’re running a web server, I’d open ports 22 (SSH), 80 (HTTP), and 443 (HTTPS).

If those ports are blocked, you won’t be able to get in to your Droplet or receive standard web traffic. Console will still be available if you lock yourself out, though if you’re using SSH keys, Console won’t be an option as SSH keys won’t work there.

The thread you linked to isn’t stating that you’ll end up giving access to data, it’s stating that the port is not encrypted (but neither is port 80, which is why HTTPS goes over 443 if enabled).

So what can you do? You can limit what IP’s access the port – that’d probably be best in any case if it isn’t something you don’t want the public to be able to access. To do this, you’d need a static IP, or a VPN.

You’d whitelist the IP of the VPN, connect to the VPN and then connect on that port. If you aren’t on the VPN, then you wouldn’t be able to access that port (the same would apply to everyone).

You can whitelist multiple IP’s or IP ranges, so if you have multiple users that need to access that port, you can add multiple IP’s – though keep in mind, they need to be static IP’s otherwise you’re going to end up removing and adding IP’s often. It’s not an issue, just more of a burden since you have to keep up with everyones IP.

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2025 DigitalOcean, LLC.Sitemap.