2 posts tagged with "firewall"

If you’ve ever deployed a website or managed infrastructure at scale, you’ve probably heard of Cloudflare. Most folks think of it as just a CDN with DDoS protection. But dig a little deeper, and you’ll find it’s evolving into a full-blown edge platform: part DNS provider, part firewall, part serverless compute engine, and even a zero-trust network.

Let’s break down what Cloudflare really offers and how you can get the most out of it.

CDN Alternatives, DNS & DDoS Protection#

Cloudflare started as a reverse proxy and CDN combo. It now caches your static assets in 300+ data centers globally, which drastically reduces latency and protects your origin server. Learn more about Cloudflare CDN

It also has DDoS protection built-in, handling both Layer 3/4 and Layer 7 attacks automatically — all at no extra cost. That’s huge compared to setting this up with AWS Shield or a WAF. Compare with AWS Shield

And let’s not forget DNS. Their public resolver, 1.1.1.1, is among the fastest. For domain hosting, Cloudflare DNS is blazing fast and comes with DNSSEC and other enterprise-level features — again, free. Explore 1.1.1.1 DNS

WAF, Bot Protection & Rate Limiting#

Cloudflare’s Web Application Firewall (WAF) is developer-friendly and integrates nicely with modern CI/CD pipelines. You can write custom firewall rules using their UI or even Terraform. Cloudflare WAF Documentation

Need to throttle abusive IPs or stop credential-stuffing bots? Cloudflare offers precise control. For example:

It’s not just a firewall — it’s programmable security.

Serverless Edge Compute with Workers & Durable Objects#

Here’s where things get spicy. Cloudflare Workers let you run JavaScript or TypeScript functions directly at the edge. No need for centralized cloud regions. That means lower latency and zero cold starts.

Use cases include:

• Lightweight APIs
• JWT-based authentication
• A/B testing and personalization
• Edge-rendered SSR apps like Next.js

It’s like AWS Lambda but faster and more lightweight. Plus, with Durable Objects and Workers KV, you can manage global state effortlessly. Get started with Cloudflare Workers

Zero Trust Networking Without VPNs#

Cloudflare Zero Trust (formerly Access + Gateway) lets you secure internal apps without a VPN.

You get:

• SSO via Google Workspace or GitHub
• Device posture checks
• Real-time activity logs

With Cloudflare Tunnel (Argo Tunnel), you can expose internal apps securely without public IPs. It’s perfect for remote teams or CI/CD pipelines.

S3-Compatible R2 Storage with No Egress Fees#

R2 is Cloudflare’s answer to S3, but without the painful egress fees. It’s fully S3-compatible, making it ideal for hosting media, static assets, or backups.

Imagine: you upload images to R2, process them with Workers, and boom — serverless image hosting with no Lambda, no VPC headaches.

DevOps Observability with Logpush & GraphQL#

Cloudflare provides rich analytics: traffic stats, threat maps, and origin logs. Need to ship logs to S3 or a SIEM? Use Logpush.

Want custom dashboards? You can query logs with GraphQL.

GitOps, CI/CD & Infrastructure as Code with Cloudflare#

Cloudflare plays well with modern DevOps. Using their Terraform provider, you can manage WAF rules, DNS, Workers, and more as code.

For CI/CD, use Cloudflare Pages for JAMstack sites or deploy Workers using GitHub Actions:

Simple, clean, and version-controlled.

Final Thoughts: The Edge OS Is Here#

Whether you’re spinning up a personal site or managing infrastructure for an enterprise, Cloudflare likely has a tool to make your life easier.

From firewalls and serverless compute to object storage and DNS, it’s rapidly becoming an operating system for the internet edge — and a lot of it is free.

If you’re still just using it to hide your origin IP and enable HTTPS, it’s time to go deeper.

From one-click deployments to full-scale orchestration, Nife offers powerful, globally accessible solutions tailored for modern application lifecycle management — explore all our solutions and accelerate your cloud journey.

Unlock the full potential of your infrastructure with OIKOS by Nife — explore features designed to simplify orchestration, boost performance, and drive automation.

If you've ever worked with AWS EC2 instances, you know that keeping your instance secure is crucial. One way to do this is by managing your firewall, and in this blog post, well go over how to configure UFW (Uncomplicated Firewall) on your EC2 instance to allow specific ports—like SSH (port 22), MySQL (port 3306), and HTTP (port 80)—so you can connect to your instance and run services smoothly.

Why Use UFW on AWS EC2? Benefits of Uncomplicated Firewall#

On Ubuntu and other Debian-based systems, UFW is a straightforward command-line interface for controlling firewall rules. Because it is easy to set up and still provides a high degree of security, it is ideal for EC2 instances. Allowing the traffic you require while keeping unnecessary ports open to the internet is the aim here.

What You Need Before Starting UFW on EC2#

Before diving in, make sure:

• Your EC2 instance is running Ubuntu or another Debian-based Linux distribution.
• You have SSH access to the instance.
• UFW is installed (well check and install it if necessary).

How to Open Ports on EC2 Instance Using UFW: Step-by-Step Instructions#

1. Check if UFW is Installed#

First, let's check if UFW is installed on your EC2 instance. Connect to your EC2 instance and run:

If UFW is not installed, the command will return:

In that case, install it with:

2. Allow Specific Ports#

Now, let's open the ports you need:

These commands let traffic through on the specified ports, ensuring smooth access to your instance.

3. Enable UFW#

If UFW is not already enabled, activate it by running:

To verify, check the status:

You should see:

4. Optional: Restrict Access to Specific IPs#

You may want to restrict access to particular IPs for extra security. For instance, to only permit SSH from your IP:

You can do the same for MySQL and HTTP:

This adds an extra layer of security by preventing unwanted access.

5. Verify Your Firewall Rules#

Run the following command to check active rules:

This confirms which ports are open and from which IPs they can be accessed.

Troubleshooting Common Issues#

Fix SSH Access Issues on EC2 After Enabling UFW#

If you cant connect to your EC2 instance via SSH after enabling UFW, make sure port 22 is open:

Also, check your AWS Security Group settings and ensure SSH is allowed. You can review AWS security group rules here.

Troubleshooting MySQL Port (3306) Access on EC2 with UFW#

Ensure port 3306 is open and verify that your database allows remote connections.

Troubleshoot HTTP Port (80) Access on EC2 with UFW and Security Groups#

Check if port 80 is open and confirm that your EC2 security group allows inbound HTTP traffic.

Final Thoughts: Secure Your EC2 Instance with UFW#

You now know how to use UFW to open particular ports on your EC2 instance, enabling HTTP, MySQL, and SSH communication while restricting access to unwanted ports. This keeps your server safe while guaranteeing that critical services run correctly.

Related Reads#

Want to dive deeper into AWS and cloud automation? Check out these blogs:

Automating Deployment and Scaling in Cloud Environments like AWS and GCP
Learn how to streamline your deployment processes and scale efficiently across cloud platforms like AWS and GCP.

Unleash the Power of AWS DevOps Tools to Supercharge Software Delivery
Explore the tools AWS offers to enhance your software delivery pipeline, improving efficiency and reliability.

Step-by-Step Guide to Multi-Cloud Automation with SkyPilot on AWS Step-by-Step Guide to Multi-Cloud Automation with SkyPilot on AWs