# Firewall at Zerops


Zerops includes a comprehensive firewall system implemented using [nftables](https://en.wikipedia.org/wiki/Nftables) to ensure platform security.

The primary focus is on managing outbound communication to prevent potential platform misuse while maintaining the flexibility needed for legitimate applications.

## What is a Firewall?

A Firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.

At Zerops, we implemented a robust firewall system to protect our platform and your applications.

## Port Access Rules

### UDP Ports
*No restrictions*

### TCP Ports

#### **TCP ports 1-1024**
The following specific ports are allowed:

- **22** - SSH
- **53** - DNS
- **80** - HTTP
- **123** - NTP
- **443** - HTTPS
- **587** - SMTP (with STARTTLS)

*All other TCP ports in the range 1-1024 are **blocked** for security reasons, see below.*

#### **TCP ports 1025-65535**
*No restrictions*

## Security Measures

These firewall rules are strategically implemented to:

- Prevent unauthorized use of the Zerops infrastructure for spam or network attacks
- Protect Zerops and its users from potential security threats
- Maintain compliance with security best practices

## Common Use Cases

### Standard Web Applications (HTTP/HTTPS)
- Full access to HTTP/HTTPS communication (ports 80/443)
- Unrestricted DNS queries (port 53)
- Time synchronization via NTP (port 123)

### Email Services

- SMTP access through port 587 (with STARTTLS)
- For detailed SMTP configuration, see our [SMTP documentation](/references/smtp)

## Requesting Firewall Modifications

If your application requires access to additional ports:

1. Contact Zerops support at [support@zerops.io](mailto:support@zerops.io).
2. Include in your request:
   - Specific ports and protocols needed.
   - Detailed explanation of your use case.
   - Mention your Project ID and Organization ID from your Zerops Dashboard.