Which IP addresses should I allow through my firewall?

If you'd rather fetch these ranges programmatically and keep your firewall allowlist up to date automatically, see Fetching our IP ranges via API.

All zones require the following shared IP range to be allowed:

• 185.22.211.30 - 185.22.211.31

Depending on your project's zone, you should also allow the following additional IP addresses:

UK Zone

• 185.22.211.36 - 185.22.211.39
• 185.22.211.97 - 185.22.211.100 (If you're using IPv6, add 2a03:2800:0300::/64 instead)

EU West Zone

• 141.98.24.178
• 141.98.24.21

US East Zone

• 152.89.76.162
• 152.89.76.109

US West Zone

• 185.69.56.127
• 185.69.56.208

Additionally, if you're using a network agent for your deployments

• 185.44.252.50 - 185.44.252.51 (If you're using IPv6, add 2a03:2800:500::20 and 2a03:2800:500::77 instead)

Port allowlisting

For deployments to work correctly you should also ensure that the correct ports are open on your firewall. These vary by protocol:

• Passive FTP - ports 20, 21 and all ports higher than 1023
• Active FTP - port 21
• SSH/SFTP - port 22
• Network agent - port 7777 (TCP)

These IP ranges are used to host all of our applications, including DeployHQ.

How to allow our IP ranges access via commonly used firewalls

Ubuntu - ufw

The default firewall configuration tool for Ubuntu is ufw and if you're running a dedicated Linux server, you should have access to it.

To allow an IP range through ufw, enter the following into your terminal:

$ sudo ufw allow from [IP_ADDRESS]

And if you wish to restrict connections from a range to a specific TCP network port:

$ sudo ufw allow from [IP_ADDRESS] to any port 22 proto tcp

You can read more about ufw here.

CentOS - firewalld

With CentOS, you can use firewalld which works in a very similar way. to Ubuntu's ufw. To whitelist an IP range, run the following command in your terminal:

$ sudo firewall-cmd --zone=public --add-source=[IP_ADDRESS]

You can find more information about firewalld here