Firewall Configuration

Securing your RayDB PostgreSQL cluster is essential to prevent unauthorized access. This guide explains how to configure firewall settings to allow only trusted connections.

Default Security Settings

By default, all new clusters have no restrictions. Any IP can connect unless firewall settings are configured to restrict access.

Configuring Allowed IP Ranges

To grant access to specific clients, follow these steps:

1. Log in to the RayDB Dashboard.
2. Navigate to the Clusters section and select the cluster you want to configure.
3. Locate the Allowed IP Ranges section in the Cluster Overview.
4. Click Change to update the list of allowed IPs.
5. Enter the CIDR ranges that should have access. If adding a single IP, use CIDR notation (e.g., 192.168.1.100/32 to allow only 192.168.1.100).
6. Click Save Changes to apply the new rules.

Removing Access

If you need to revoke access:

1. Locate the CIDR range in the Allowed IP Ranges section.
2. Click the "-" button next to the range.
3. Confirm the removal to apply changes immediately.

Using Dynamic IPs

If your connection comes from a dynamic IP, consider using a VPN or a fixed bastion host to maintain secure and stable access.

Verifying Access

To check if your firewall settings are correctly applied:

• Use psql or another database client to attempt a connection.
• If access is denied, verify that your current IP is within an allowed CIDR range.
• Check logs in the RayDB dashboard for connection attempts.

Best Practices

• Allow Only Trusted IP Ranges: Limit access to known CIDR ranges.
• Use VPN for Remote Access: If working from multiple locations, use a VPN.
• Regularly Review Firewall Rules: Periodically audit and update allowed IPs.

For further details on connecting securely, refer to the Connection Strings documentation.