Header

Which IP addresses should I allow through my firewall?

Depending on your project's zone, you should allow the following IP ranges and addresses:

UK Zone

  • 185.22.211.30 - 185.22.211.31 (If you're using IPv6, add 2a03:2800:300::30 - 2a03:2800:300::31 instead)
  • 185.22.211.97 - 185.22.211.100 (If you're using IPv6, add 2a03:2800:0300::/64 instead)

EU West Zone

  • 185.22.211.30 - 185.22.211.31 (If you're using IPv6, add 2a03:2800:300::30 - 2a03:2800:300::31 instead)
  • 141.98.24.21

US East Zone

  • 185.22.211.30 - 185.22.211.31 (If you're using IPv6, add 2a03:2800:300::30 - 2a03:2800:300::31 instead)
  • 152.89.76.109

US West Zone

  • 185.22.211.30 - 185.22.211.31 (If you're using IPv6, add 2a03:2800:300::30 - 2a03:2800:300::31 instead)
  • 185.69.56.208

Additionally, if you're using a network agent for your deployments

  • 185.44.252.50 - 185.44.252.51 (If you're using IPv6, add 2a03:2800:500::20 and 2a03:2800:500::77 instead)

Port allowlisting

For deployments to work correctly you should also ensure that the correct ports are open on your firewall. These vary by protocol:

  • Passive FTP - ports 20, 21 and all ports higher than 1023
  • Active FTP - port 21
  • SSH/SFTP - port 22
  • Network agent - port 7777 (TCP)

These IP ranges are used to host all of our applications, including DeployHQ.

How to allow our IP ranges access via commonly used firewalls

Ubuntu - ufw

The default firewall configuration tool for Ubuntu is ufw and if you're running a dedicated Linux server, you should have access to it.

To allow an IP range through ufw, enter the following into your terminal:

$ sudo ufw allow from [IP_ADDRESS]

And if you wish to restrict connections from a range to a specific TCP network port:

$ sudo ufw allow from [IP_ADDRESS] to any port 22 proto tcp

You can read more about ufw here.

CentOS - firewalld

With CentOS, you can use firewalld which works in a very similar way. to Ubuntu's ufw. To whitelist an IP range, run the following command in your terminal:

$ sudo firewall-cmd --zone=public --add-source=[IP_ADDRESS]

You can find more information about firewalld here

Tree

Proudly powered by Katapult. Running on 100% renewable energy.