/Firewall

Cloud Firewall

Network Security Without the Complexity

Protect your infrastructure with stateful firewall rules, always-on DDoS mitigation, and real-time traffic visibility. Configure in seconds — free with every LightYear server.

Free with every server

Rules apply in <5 seconds

DDoS protection included

API & CLI managed

Free

With every server

<5s

Rule propagation

10 Gbps

DDoS protection

∞

Rules per group

Enterprise-Grade Protection, Zero Overhead

Every feature you need to lock down your infrastructure — without a dedicated security team.

Stateful Packet Inspection

Deep packet inspection tracks the state of every connection, automatically blocking malformed or suspicious traffic before it reaches your servers.

Inbound & Outbound Rules

Define granular allow/deny rules for inbound and outbound traffic by IP, CIDR range, port, or protocol — full control over every packet.

DDoS Mitigation

Always-on network-level DDoS protection absorbs volumetric attacks up to 10 Gbps, keeping your applications online even under sustained assault.

IP Allowlist & Blocklist

Instantly allowlist trusted IP ranges (your office, VPN, CI/CD agents) or blocklist known threat actors with a single rule.

Real-Time Traffic Logs

Inspect live and historical traffic logs with filtering by rule, source IP, destination port, and action taken — pinpoint threats in seconds.

Multi-Server Groups

Apply a single firewall policy to a group of servers. Add or remove servers from the group without re-writing rules.

API & CLI Management

Automate firewall rule management via the LightYear REST API or CLI. Integrate rule updates into your CI/CD pipeline or IaC workflows.

Instant Rule Propagation

Rule changes take effect in under 5 seconds across all servers in the group — no restarts, no downtime, no waiting.

Simple Pricing — Always Free

Firewall is included at no extra cost with every LightYear server.

Free

Included with every server

Unlimited firewall rules
Inbound & outbound control
Multi-server groups
DDoS protection
Real-time traffic logs
API & CLI access

Recommended

Firewall+

With Load Balancer bundle

Everything in Free
Load balancer integration
Geo-blocking rules
Rate limiting per IP
Threat intelligence feeds
Priority support

Common Security Scenarios

From simple SSH hardening to zero-trust architectures — the LightYear Firewall handles it all.

Web Server Hardening

Allow only ports 80 and 443 from the internet; restrict SSH to your office IP range.

Database Protection

Block all public access to MySQL/PostgreSQL ports; allow only your app servers by private IP.

Zero-Trust Networking

Deny all inbound traffic by default and explicitly allowlist each trusted source.

CI/CD Security

Temporarily open ports for build agents and automatically close them after deployment.

Compliance Isolation

Segment PCI-DSS or HIPAA workloads with strict inbound/outbound policies.

DDoS Defence

Rate-limit or block traffic from specific ASNs or geographic regions during an attack.

Example Firewall Rules

A typical secure web server configuration — applied in under 30 seconds.

Direction	Protocol	Port	Source	Action	Note
Inbound	TCP	22	203.0.113.0/24	Allow	SSH from office
Inbound	TCP	80, 443	0.0.0.0/0	Allow	Public web traffic
Inbound	TCP	3306	10.0.0.0/8	Allow	DB from private net
Inbound	Any	Any	0.0.0.0/0	Deny	Default deny all

Secure Your Servers Today

Every LightYear server ships with the Cloud Firewall enabled. Configure your first rules in under a minute.