Firewall at Zerops
Zerops includes a comprehensive firewall system implemented using nftables to ensure platform security.
The primary focus is on managing outbound communication to prevent potential platform misuse while maintaining the flexibility needed for legitimate applications.
What is a Firewall?
A Firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
At Zerops, we implemented a robust firewall system to protect our platform and your applications.
Default Firewall Rules
Allowed Outbound Ports
Protocol | Port | Service |
---|---|---|
TCP/UDP | 80 | HTTP |
TCP/UDP | 443 | HTTPS |
TCP/UDP | 22 | SSH |
TCP/UDP | 53 | DNS |
TCP/UDP | 123 | NTP |
Restricted Ports
To maintain platform security, certain ports are restricted:
- TCP: All ports in the range 1-1024 (except those explicitly allowed above)
- UDP: All ports in the range 1-65535 (except those explicitly allowed above)
Note: Ports outside these ranges are generally unrestricted.
Security Measures
These firewall rules are strategically implemented to:
- Prevent unauthorized use of the Zerops infrastructure for spam or network attacks
- Protect Zerops and its users from potential security threats
- Maintain compliance with security best practices
Requesting Firewall Modifications
If your application requires access to additional ports:
- Contact Zerops support at support@zerops.io.
- Include in your request:
  - Detailed explanation of your use case.
  - Specific ports and protocols needed.
  - Mention your Project ID and Organization ID from your Zerops Dashboard.
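To work out which ports and protocols to list in such a request, the default rules above can be applied to an application's outbound dependencies before deployment. The following is an added example, not Zerops code: it assumes the rules apply to the destination port of outbound connections, uses a hypothetical `tcp/<port>` notation, and does not model any per-project exceptions already granted.

```python
"""Added example: pre-flight check of outbound endpoints against the default rules."""

# Default policy as documented on this page (allowed on both TCP and UDP).
ALLOWED_PORTS = {80: "HTTP", 443: "HTTPS", 22: "SSH", 53: "DNS", 123: "NTP"}
# Restricted destination-port ranges per protocol (inclusive), from the page.
RESTRICTED_RANGES = {"tcp": (1, 1024), "udp": (1, 65535)}


def parse_endpoint(spec):
    """Parse 'tcp/587' or 'udp/514' into (protocol, port); raise ValueError otherwise."""
    proto, sep, port_text = spec.strip().lower().partition("/")
    if not sep or proto not in RESTRICTED_RANGES or not port_text.isdecimal():
        raise ValueError(f"expected 'tcp/<port>' or 'udp/<port>', got {spec!r}")
    port = int(port_text)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range in {spec!r}")
    return proto, port


def check_outbound(spec):
    """Return (allowed, reason) for one outbound destination under the default rules."""
    proto, port = parse_endpoint(spec)
    if port in ALLOWED_PORTS:
        return True, f"{ALLOWED_PORTS[port]} is allowed by default"
    low, high = RESTRICTED_RANGES[proto]
    if low <= port <= high:
        return False, f"{proto.upper()} {low}-{high} is restricted"
    return True, "outside the restricted ranges"


def ports_to_request(specs):
    """Return the sorted, de-duplicated endpoints that need a firewall modification."""
    blocked = {parse_endpoint(s) for s in specs if not check_outbound(s)[0]}
    return [f"{proto}/{port}" for proto, port in sorted(blocked)]


if __name__ == "__main__":
    # Constructed sample: outbound dependencies of a hypothetical application.
    needs = ["tcp/443", "tcp/587", "tcp/5432", "udp/514", "udp/53", "tcp/25", "udp/51820"]
    for spec in needs:
        allowed, reason = check_outbound(spec)
        print(f"{spec:<10} {'allow' if allowed else 'BLOCK'}  {reason}")
    print("Ports to list in the support request:", ports_to_request(needs))
```

The sample shows the asymmetry in the default rules: a TCP destination above 1024 passes, while any UDP destination other than the five allowed ports is blocked regardless of port number.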
Common Use Cases
Standard Web Applications (HTTP/HTTPS)
- Full access to HTTP/HTTPS communication (ports 80/443)
- Unrestricted DNS queries (port 53)
- Time synchronization via NTP (port 123)
Enabled by default for all projects on Zerops.
Email Services
- Additional configuration required for SMTP
- Contact Support for email-related port access
Custom Applications
- Special port requirements should be discussed with support
- Each request is evaluated based on security implications