Database Firewall
The database firewall controls which outside IP addresses are allowed to connect to a public database.
Plain English A firewall is a gate. Public access opens a road to the database. Firewall rules decide who is allowed to use that road.
When firewall rules matter
Firewall rules matter when public access is enabled.
If public access is off, outside computers cannot connect to the database anyway. Apps running inside DockHosting should use the private/internal database connection instead.
Allow-list
An allow-list is the list of IP addresses allowed through the firewall.
Examples:
203.0.113.10
198.51.100.24Only those addresses can connect from outside.
CIDR ranges
CIDR lets you allow a range of IP addresses.
Example:
203.0.113.0/24That allows every address from 203.0.113.0 through 203.0.113.255.
Be careful with ranges A single IP is safer than a large range. Use ranges only when your provider or office network really needs them.
Common rules
| Rule | What it means |
|---|---|
203.0.113.10 | Allow one computer/server |
203.0.113.0/24 | Allow a small network range |
| Empty allow-list | Block all outside connections |
Safe setup
- Enable public access only if you need it.
- Add your current IP address to the firewall.
- Test the connection.
- Remove old IPs when you no longer need them.
- Disable public access when external access is no longer needed.
What not to do
Do not allow the whole internet
Rules like 0.0.0.0/0 mean “everyone.” Do not use them for a
database unless you fully understand the risk and have another strong security
layer in front.
If your connection still fails
Check these:
- public access is enabled
- your current IP is in the firewall
- you are using the public hostname and port
- your database username and password are correct
- your local network or VPN is not changing your outgoing IP