Level 102
I think what they mean is that you should alter it, but not delete it completely. So just set up a new rule (or change the current one) to only allow their and your ips
If the rule is completely gone, no-one can access the server
Jan 30, 2025
3
Level 1
Forge Firewall and Security
Hello,
I'm using Laravel Forge to host a project, on a Digital Ocean droplet. All fine so far with no issues. However, I'm unsure what the best practices are for setting up a firewall on the server - Forge seems to contradict itself.
As I understand, Forge opens up port 22, 80 and 443 to any IP address. But on this page of the docs, https://forge.laravel.com/docs/introduction#forge-ip-addresses, it lists various IPs that it uses to access my servers. So that made me think I could set up a firewall rule on my server to allow those IPs, plus my own personal IP, and disallow everything else - meaning only myself and Forge will be able to access the server.
However, elsewhere in the Forge docs, and within the Forge UI, there's a big warning saying "You should never delete the rule that allows SSH traffic to your server; otherwise, Forge will be unable to connect to or manage your server."
So am I safe to set up a rule on my Digital Ocean droplet to only allow those IP's, or should I leave it as-s with the allow-all rules that Forge configures by default?
Level 1
Thanks, that makes sense. Should I do this through the Forge UI, or directly on my droplet within Digital Ocean?
Level 102
@mhdev I would do it in the forge ui.
Please or to participate in this conversation.