Security groups
Security groups, like firewalls, help you control the incoming and outgoing network traffic for your instances.
You can define separate rules for inbound and outbound traffic. Nebula provides fine-grained control over allowed or restricted connection types, protocols, port ranges, and even source and destination IP addresses.
Create security groups
You can create security groups in 2 ways:
- On the Security groups Console page
- During the server creation flow
When you create a security group, you first define a name and an optional description, then define inbound and outbound traffic rules.
When creating a new security group, Nebula adds default inbound and outbound rules as a measure of security:
- by default, all incoming traffic is blocked
- all outgoing traffic is allowed
Create your own inbound rules to define the traffic that you want to allow — IP addresses outside the scope of your rules will be blocked.
Use outbound rules to control the outgoing network traffic — all egress traffic is allowed by default.
Creating a rule only takes a couple of steps:
- Select internet protocol:
IPv4
orIPv6
- Select communication protocol:
TCP
,UDP
, orICMP
- Define a port range
- Define a source or destination IP address with a subnet mask
- Add a description and Save
- Security groups are created on a project level, meaning that any server on a project can use any available security group.
- You can add multiple security groups to an instance.
- You can create security groups without assigning them to servers.
Manage security groups
You can manage security groups on the Security groups Console page.
Select a security group to check:
- the unique ID of the security group
- all inbound and outbound rules
You can also delete security groups on this page.
The CIDR block you specify for a subnet cannot be changed after the subnet has been created.
Need help?
If you have any technical questions or encounter any problems, get in touch with our Support team! We're here to help, and will provide support if you encounter any issues with NebCompute.