# Server Firewall

### **Stage 1: Temporary Access for Initial Deployment**

#### **Purpose:**

To log in to the server and execute initial installation commands.

#### **Action:**

* In your cloud provider's firewall settings (e.g., AWS Security Group), add an inbound rule to allow SSH (TCP port 22) traffic from **your current public IP address**.
* **Security Tip:** This rule is temporary. Do not open the SSH port to all IPs (`0.0.0.0/0`), as this poses a significant security risk.

### **Stage 2: Configure Core Node Communication Port (17610)**

#### **Purpose:**

To allow your node to interact with the Nexus network and to allow you to access the management dashboard.

#### **Action:**

You need to add an inbound rule to allow TCP traffic to port `17610` from the following sources:

* **Source 1 (Protocol Communication):** `47.75.255.16/32` and `47.244.122.30/32`. These are the addresses for Nexus's core relay network. Your node must be able to receive instructions from these addresses to function correctly.
* **Source 2 (Personal Management):** `Your current public IP address`. This IP will be allowed to access port 17610 on your server (`http://<Your-Server-IP>:17610`) from your personal network.

<figure><img src="https://images.swap.dotwallet.com/web_restrict/gitbook_api_img/image%20(6).png" alt=""><figcaption></figcaption></figure>

### **Stage 3: Security Hardening (After Successful Deployment)**

#### **Purpose:**

To remove unnecessary public entry points and significantly enhance server security.

#### **Action:**

After you have confirmed that your node is deployed and running stably, you **must perform the following critical step**:

* **Remove SSH Access Rule:** Return to your firewall settings and **delete or disable** the rule allowing SSH (port 22) access that you created in Stage 1.

<figure><img src="https://images.swap.dotwallet.com/web_restrict/gitbook_api_img/image%20(2-1).png" alt=""><figcaption></figcaption></figure>

* **How to manage the server after closing SSH?** You will no longer connect via public SSH. Instead, you should **rely exclusively on the secure, in-browser management tools provided by your cloud provider** (e.g., AWS Session Manager, Linode Lish Console), which is the industry-recommended best practice.

<figure><img src="https://images.swap.dotwallet.com/web_restrict/gitbook_api_img/image%20(7).png" alt=""><figcaption></figcaption></figure>
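To confirm that the firewall matches the three stages above, the inbound rules can be audited offline. The following is an added example, not part of the Nexus documentation or tooling: it assumes the rules are exported in the `IpPermissions` shape returned by AWS `describe-security-groups`, and the function names and the admin address `203.0.113.10/32` (a documentation-range placeholder) are hypothetical.

```python
import ipaddress

RELAYS = {"47.75.255.16/32", "47.244.122.30/32"}  # relay sources listed on this page
NODE_PORT, SSH_PORT = 17610, 22

def covers(perm, port):
    """True if one IpPermissions entry allows TCP traffic to `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "all traffic" rule: every protocol and port
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def audit(permissions, admin_cidr, hardened):
    """Return findings; hardened=True also enforces Stage 3 (no SSH rule left)."""
    admin = str(ipaddress.ip_network(admin_cidr, strict=False))
    findings, node_sources = [], set()
    for perm in permissions:
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            src = str(net)
            if covers(perm, SSH_PORT):
                if net.prefixlen == 0:
                    findings.append(f"SSH open to all IPs ({cidr})")
                elif hardened:
                    findings.append(f"SSH rule still present for {cidr}")
                elif src != admin:
                    findings.append(f"SSH allowed from unexpected source {cidr}")
            if covers(perm, NODE_PORT):
                node_sources.add(src)
                if src not in RELAYS | {admin}:
                    findings.append(f"port {NODE_PORT} allowed from unexpected source {cidr}")
    for relay in sorted(RELAYS - node_sources):  # node cannot receive instructions
        findings.append(f"relay {relay} cannot reach port {NODE_PORT}")
    return findings

# Constructed sample rule sets (not real exports).
ADMIN = "203.0.113.10/32"
SAMPLE_OK = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": ADMIN}]},
    {"IpProtocol": "tcp", "FromPort": 17610, "ToPort": 17610,
     "IpRanges": [{"CidrIp": c} for c in sorted(RELAYS | {ADMIN})]},
]
SAMPLE_BAD = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 17610, "ToPort": 17610,
     "IpRanges": [{"CidrIp": "47.75.255.16/32"}]},
]
```

Run `audit(..., hardened=False)` during Stages 1 and 2, and `hardened=True` once the SSH rule should be gone; an empty list means the rule set matches this page.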

