How do I configure the Hetzner firewall for HTTP, HTTPS, and SSH?

[wigging]

In Chapter 11, it talks about creating a firewall for the Hetzner server. When I create a firewall in Hetzner it asks for inbound and outbound rules. There are also different protocols to select for each rule. How do I create a rule for HTTP port 80, is it inbound or outbound or both, what protocol do I select? How is this done for HTTPS port 443? I think I use the TCP protocol for HTTP and HTTPS. How do I restrict the access to SSH port 22? Some clarification on all of this would be helpful.

[wigging]

I did some homework and I think I have answered my own question. So I'll post the answer here but hopefully someone can comment and confirm what I have done.

All of the ports are TCP. For SSH, the IP address is defined in the first input field of the rule. At first I didn't realize this field could be edited so I wasn't sure where to put the IP address. I defined all the rules for inbound and didn't do anything for outbound. Below is a screenshot from the Hetzner dashboard. I blurred out the IP address for SSH.

[mikeckennedy]

Hey @wigging,

It looks to me like you have it set up all right. I don't think you need to worry about outbound rules. While your app probably doesn't make outbound calls, Linux still does for updates, etc. So probably just leave the outbound entirely open unless you really want to lock it down.

For inbound, just have 80/443 wide open. Limit SSH is my main recommendation there. I also have ping open so I can monitor the server and its ping time/response time.