Dynamic Firewall¶
The most important part of the network security model is the system firewall.
The platform uses a dynamic firewall which does not open a fixed set of ports but adapts to the applications installed, only allowing such traffic as the specific set of running services require.
If an application is stopped, it’s ports are automatically closed. This creates a default block list firewall which pinholes only those ports required for the operation of the specific setup in use.
The firewall is one of the very first services the platform brings up and among the very last it shuts down in order maximize the network security.
Where possible, the firewall will also ratelimit connections to services to prevent abuse (see the section: Prevention of DOS attacks for more details).