# Configuring Firewall

MariaDB Cloud services are firewall-protected.

Access to MariaDB Cloud services is managed on a per-service basis.

IPv4 addresses and IPv4 netblocks can be added to the allowlist to enable service access. Access from other addresses will be blocked.

## **Default**

By default, when a service is launched, its allowlist is empty. All external traffic to the service is blocked.

## **Secure Access Configuration**

To modify Secure Access settings:

1. Log in to the [Portal](https://app.skysql.com/dashboard).
2. Click the "Settings" link in the main menu (left navigation in the Portal).
3. Click the "Secure Access" button.

<figure><img src="/files/fpbWZZXpu2KYyYrBmRLf" alt=""><figcaption></figcaption></figure>

*Secure Access Settings*

Alternatively, you can access firewall settings for a specific service by clicking on the "MANAGE" button for the desired service, then choosing "Manage allowlist" from the menu.

<figure><img src="/files/7c5WNDWLDCHlGMFeyjeA" alt=""><figcaption></figcaption></figure>

*Allowlist dialog*

## **Add to the Allowlist**

IP addresses can be added to the allowlist from the Firewall settings interface or a service's Security Access interface:

1. Enter an IPv4 address or IPv4 netblock.
2. Optionally enter an alias for this address. An alias provides a way to remember why an address was added to the allowlist.
3. Click the "Save" button.

After saving the change, a [notification](/docs/mariadb-cloud/cloud-usage/notifications.md) will be provided when the change has been applied.

## **Remove From the Allowlist**

IP addresses can be removed from the allowlist from the Firewall settings interface or a service's Security Access interface:

1. Click the "X" button to the right of the entry to remove.
2. Click the "Save" button.

After saving the change, a [notification](/docs/mariadb-cloud/cloud-usage/notifications.md) will be provided when the change has been applied.

## **Edit an Allowlist Entry**

An allowlist entry can be edited from the Firewall settings interface or a service's Security Access interface:

1. Modify the IP address or alias of the desired allowlist entry.
2. Click the "Save" button.

After saving the change, a [notification](/docs/mariadb-cloud/cloud-usage/notifications.md) will be provided when the change has been applied.

## **IP Allowlist Limitations**

**AWS/Azure Services:**

* Allowlists exceeding 30 IP addresses are not permitted.

**GCP Services:**

* Same workflow as AWS/Azure, but with a limit of 200 IP addresses.

For allowlists requiring more than 30 IP addresses, please contact support.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://mariadb.com/docs/mariadb-cloud/security/configuring-firewall.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.