Second Brain

❯

❯

cleanup 2026 04 17 conversation flush bulk

❯

❯

❯

hostinger cloud firewall is upstream gate not ufw

hostinger-cloud-firewall-is-upstream-gate-not-ufw

Apr 16, 20261 min read

ops/security
infra/networking

hostinger-cloud-firewall-is-upstream-gate-not-ufw

Hostinger’s cloud firewall (configured via VPS panel / MCP getFirewallListV1) operates upstream of the VM and blocks all ports except 22/80/443/18789/ICMP before packets reach the VPS. UFW is a second in-VM layer; Docker bypasses UFW but not the cloud firewall. The real defense-in-depth order is: Hostinger cloud firewall → DOCKER-USER iptables chain → UFW → container.

Related

docker-iptables-bypasses-ufw-requires-docker-user-chain
docker-iptables-bypasses-ufw-docker-user-chain-required
docker
researchclaw-dedicated-container-isolation-requirement
researchclaw-must-run-in-dedicated-container-for-sandboxing
hostinger-cloud-firewall-is-upstream-gate-docker-bindings-no
hairpin-nat-test-invalid-for-external-port-exposure-check
hairpin-nat-makes-vps-self-port-tests-unreliable

Graph View

hostinger-cloud-firewall-is-upstream-gate-not-ufw
Related

Backlinks

docker-iptables-bypasses-ufw-docker-user-chain-required
docker-iptables-bypasses-ufw-requires-docker-user-chain
hostinger-cloud-firewall-is-upstream-gate-docker-bindings-no
researchclaw-dedicated-container-isolation-requirement
researchclaw-must-run-in-dedicated-container-for-sandboxing
hairpin-nat-makes-vps-self-port-tests-unreliable
hairpin-nat-test-invalid-for-external-port-exposure-check

Created with Quartz v4.5.2 © 2026

CIOS
Mission Control