Latitude.sh Firewall provides centralized management of server-level iptables rules across your infrastructure. Unlike network firewalls that operate at the perimeter, it runs directly on each server while allowing you to configure all firewall rules from a single interface, reducing operational overhead in multi-server environments.
Latitude.sh Firewall requires an operating system that supports UFW (Uncomplicated Firewall). Make sure your server is running a compatible OS before attempting to install and use the firewall service.

Creating a firewall

Follow these steps to create a firewall:
1

Create a firewall

Log in to the dashboard, select a project, navigate to Firewall in the sidebar menu, and click Create Firewall. Provide a name for your firewall and click Create.

Setting firewall rules

After creating a firewall, follow these steps to add rules for inbound and outbound traffic:
1

Add and configure firewall rules

Click + New rule and configure the rule settings:From: Search/enter the source IP or select “Any” for all IPs.To: Search/enter the destination IP or select “Any”.Protocol: Choose TCP or UDP.Port: Enter the port number or range (e.g., 22 for SSH or 80-90 for a range of ports).Click Apply to save the rule.

Assigning firewall rules to servers

You can assign firewalls to servers using two methods:

From the Firewall dashboard

1

Assign firewall to servers

In Assigned servers, enter the server hostname or IP to assign firewall rules. Copy the installation command from the Install tab, then paste and run it on each server.To remove the configuration, copy the command from the Uninstall tab, then paste and run it on each server.

From the Server pages

1

Assign firewall from server page

Navigate to your server’s Overview or Network page and locate the Firewall assignments section. Click Assign to select from existing firewalls in your project, or create a new firewall directly from this interface.To remove a firewall assignment, click the delete icon next to the assigned firewall in the Firewall assignments section.
Managing firewall assignments from server pages provides the same functionality as the centralized Firewall dashboard, allowing you to choose the workflow that best fits your needs.

Renaming a firewall

1

Rename the firewall

Click Actions > Rename, enter the new name and save.

Deleting a firewall

1

Delete the firewall

Remove any active assignments, click Actions > Delete, and confirm the deletion.

Using Firewall alongside Docker

Docker manages its own networking rules through iptables, which can interact unexpectedly with server-level firewalls like UFW. By default, Docker inserts its rules at a higher priority in the iptables chain than UFW, meaning incoming traffic to Docker containers bypasses UFW’s restrictions entirely. This behavior ensures Docker containers can communicate but may create security gaps if not properly managed. To maintain security when using Docker with Latitude.sh Firewall, you should explicitly control container networking through Docker’s own configuration:
  1. Use Docker’s published ports (-p or --publish flag) to specify exactly which container ports should be accessible
  2. Avoid using --network host mode unless absolutely necessary, as it bypasses Docker’s network isolation
  3. Consider using Docker’s built-in network policies and internal networks for container-to-container communication
For detailed configuration options and best practices, refer to the Docker documentation on container networking and security.

Firewall billing

Charges apply when you assign a firewall to a server. For the current rate, see the pricing page. If you remove all server assignments, billing stops at the end of the current billing cycle.