Edge Rules
Edge rules block traffic that should not be allowed to reach your server, and it is recommended to use them for any traffic that is not allowed. The edge rule system is standalone: it does not influence the other protection systems.
How to create an edge rule
To create an edge rule, navigate to the Edge Rules page and click the New Rule button.
Edge rule priority system
Every edge rule has a unique priority number, which decides the order in which rules are applied.
The rule with the lowest priority number is applied first, and the rule with the highest priority number is applied last.
For example, a rule with priority 1 that allows TCP traffic to port 22, placed before a rule with priority 2 that blocks all TCP traffic, results in all TCP traffic being blocked except traffic to port 22.
Troubleshooting
“My server can’t connect to the internet after creating an inbound block rule”
The Problem: Edge rules only filter incoming traffic to your server, not outgoing traffic. However, when your server makes an outbound request (like visiting a website), it still needs to receive the response back.
Why This Happens:
- You make a request: Your server sends a request to google.com from a random port (let’s say port 45123)
- Google responds: Google sends the webpage back to your server on port 45123
- Your rule blocks it: If you created a rule that blocks traffic to certain ports, it will block Google’s response from reaching your server
The Solution:
When creating block rules, make sure to allow traffic from the ports responses are sent from.
Most servers need:
- Source Port 80 (HTTP responses)
- Source Port 443 (HTTPS responses)
You could also allow all ephemeral ports. These are the ports your server uses to open outgoing connections; they usually start at port 32768 and end at port 65535.
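
The priority order and the blocked-response problem described above can be reproduced with a small model. This is an added example, not the product's own code: it assumes the first matching rule decides and that unmatched traffic is allowed, and the Rule and Packet field names are hypothetical.

```python
# Added example: simplified model of edge-rule evaluation, not the product's code.
# Assumptions: first matching rule decides, unmatched traffic is allowed, and
# the Rule/Packet field names are hypothetical.
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Rule:
    priority: int
    action: str                                  # "allow" or "block"
    protocol: str = "tcp"
    src_ports: Optional[Tuple[int, int]] = None  # inclusive range, None = any
    dst_ports: Optional[Tuple[int, int]] = None

@dataclass(frozen=True)
class Packet:                                    # one inbound packet
    protocol: str
    src_port: int
    dst_port: int

def in_range(port, rng):
    return rng is None or rng[0] <= port <= rng[1]

def evaluate(rules, pkt, default="allow"):
    """Apply rules in ascending priority number; the first match decides."""
    for r in sorted(rules, key=lambda r: r.priority):
        if (r.protocol == pkt.protocol and in_range(pkt.src_port, r.src_ports)
                and in_range(pkt.dst_port, r.dst_ports)):
            return r.action
    return default

# Constructed sample packets.
SAMPLES = {
    "ssh_in": Packet("tcp", 51000, 22),          # client connecting to SSH
    "https_reply": Packet("tcp", 443, 45123),    # response to an outbound request
    "other_in": Packet("tcp", 40000, 3306),      # inbound to some other port
}
SSH = Rule(1, "allow", dst_ports=(22, 22))
BROKEN = [SSH, Rule(2, "block")]                 # the rule pair from the priority section
FIXED_SRC = [SSH, Rule(2, "allow", src_ports=(80, 80)),
             Rule(3, "allow", src_ports=(443, 443)), Rule(4, "block")]
FIXED_EPH = [SSH, Rule(2, "allow", dst_ports=(32768, 65535)), Rule(3, "block")]

def verdicts(rules):
    return {name: evaluate(rules, pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for label, rules in (("broken", BROKEN), ("source ports", FIXED_SRC), ("ephemeral", FIXED_EPH)):
        print(label, verdicts(rules))
```

In this model both fixes match on port numbers alone, with no notion of connection state, so each allow rule admits every inbound packet that fits its port range and not only responses.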