Skip to main content
Latitude.sh Firewall provides centralized management of server-level iptables rules across your infrastructure. Unlike network firewalls that operate at the perimeter, it runs directly on each server while allowing you to configure all firewall rules from a single interface, reducing operational overhead in multi-server environments.
Latitude.sh Firewall requires an operating system that supports UFW (Uncomplicated Firewall). Make sure your server is running a compatible OS before attempting to install and use the firewall service.

Creating a firewall

Follow these steps to create a firewall:
1

Create a firewall

Log in to the dashboard, select a project, navigate to Firewall in the sidebar menu, and click Create Firewall. Provide a name for your firewall and click Create.
After you create a firewall, Latitude.sh opens the firewall detail page with a tabbed layout:
  • Overview: Summary, rule preview, protected servers preview, and agent installation commands
  • Rules: Create and edit inbound/outbound rules
  • Servers: Assign or remove protected servers
  • Settings: Delete the firewall
The right-side Details panel shows firewall properties (name, rule count, server count, ID, and project). You can also rename the firewall from the Name field there.

Setting firewall rules

After creating a firewall, follow these steps to add rules for inbound and outbound traffic:
1

Add and configure firewall rules

Open the Rules tab, click New rule, and configure the rule settings:From: Search/enter the source IP or select “Any” for all IPs.To: Search/enter the destination IP or select “Any”.Protocol: Choose TCP or UDP.Port range: Enter a single port or a range using a hyphen (for example, 22 or 80-443).Description: (Optional) Add a label to make the rule easier to identify (e.g., “Allow SSH from office”).Click Apply to save your changes.

Assigning firewall rules to servers

You can assign firewalls to servers using two methods:

From the Firewall detail page

1

Assign firewall to servers

Open the Servers tab and use Add a server to protect… to assign the firewall to servers in the current project.
2

Install or uninstall the firewall agent

Open the Overview tab, expand Agent Installation, and copy the Install or Uninstall command.Run the command on each server to apply or remove the Latitude.sh firewall agent configuration.

From the Server pages

1

Assign firewall from server page

Navigate to your server’s Overview or Network page and locate the Firewall assignments section. Click Assign to select from existing firewalls in your project, or create a new firewall directly from this interface.To remove a firewall assignment, click the delete icon next to the assigned firewall in the Firewall assignments section.
Managing firewall assignments from server pages provides the same functionality as the centralized Firewall dashboard, allowing you to choose the workflow that best fits your needs.

Renaming a firewall

1

Rename the firewall

Edit the Name field in the right-side Details panel, or use Actions > Rename.

Deleting a firewall

1

Delete the firewall

Open the Settings tab, click Delete, then type the firewall name to confirm the deletion.

Using Firewall alongside Docker

Docker manages its own networking rules through iptables, which can interact unexpectedly with server-level firewalls like UFW. By default, Docker inserts its rules at a higher priority in the iptables chain than UFW, meaning incoming traffic to Docker containers bypasses UFW’s restrictions entirely. This behavior ensures Docker containers can communicate but may create security gaps if not properly managed. To maintain security when using Docker with Latitude.sh Firewall, you should explicitly control container networking through Docker’s own configuration:
  1. Use Docker’s published ports (-p or --publish flag) to specify exactly which container ports should be accessible
  2. Avoid using --network host mode unless absolutely necessary, as it bypasses Docker’s network isolation
  3. Consider using Docker’s built-in network policies and internal networks for container-to-container communication
For detailed configuration options and best practices, refer to the Docker documentation on container networking and security.

Firewall billing

Charges apply when you assign a firewall to a server. For the current rate, see the pricing page. If you remove all server assignments, billing stops at the end of the current billing cycle.