Security groups on Nubis

If your Nubis Console currently exposes these controls as firewalls, treat this guide as the same operating model: define reusable traffic policy, attach it intentionally, and keep public access narrow.

What to allow

  • Public ingress only for the ports that truly need it
  • Private east-west traffic only where services must communicate
  • Administrative access from trusted source ranges
  • Outbound rules that reflect the workload’s real dependencies

Operating pattern

1. Describe the traffic intent first

   Decide what must be reachable from the internet, from internal services, and from operators.

2. Create a narrow rule set

   Start small and explicit, then expand only when there is a validated need.

3. Review after each topology change

   Revisit the rule set whenever you add a new subnet, instance role, or load balancer path.
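
The review step can be automated by checking a rule set against the written traffic intent. The following is an added example, not Nubis code or the Nubis API: the rule dictionary format, the INTENT structure, and all addresses and ports are constructed assumptions for illustration.

```python
import ipaddress

# Hypothetical rule format for illustration; not the Nubis API schema.
ANYWHERE = {ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")}

# Step 1: traffic intent written down first (constructed values).
INTENT = {
    "public_ports": {443},                       # reachable from the internet
    "admin_ports": {22},                         # operators only
    "trusted_admin_ranges": [ipaddress.ip_network("203.0.113.0/24")],
}

# Step 2: the rule set as it currently stands (constructed sample).
RULES = [
    {"direction": "ingress", "port": 443, "peer": "0.0.0.0/0"},
    {"direction": "ingress", "port": 22, "peer": "203.0.113.10/32"},
    {"direction": "ingress", "port": 22, "peer": "0.0.0.0/0"},
    {"direction": "ingress", "port": 5432, "peer": "0.0.0.0/0"},
    {"direction": "ingress", "port": 5432, "peer": "10.0.2.0/24"},
    {"direction": "egress", "port": None, "peer": "0.0.0.0/0"},  # None = all ports
]

def audit(rules, intent):
    """Step 3: return (rule_index, finding) for rules wider than the intent."""
    findings = []
    for i, rule in enumerate(rules):
        peer = ipaddress.ip_network(rule["peer"], strict=False)
        is_public = peer in ANYWHERE
        port = rule["port"]
        if rule["direction"] == "egress":
            # Outbound rules should reflect real dependencies, not allow-all.
            if is_public and port is None:
                findings.append((i, "egress allows all ports to any destination"))
        elif port in intent["admin_ports"]:
            # Admin access must come from inside a trusted source range.
            trusted = any(peer.subnet_of(t) for t in intent["trusted_admin_ranges"]
                          if t.version == peer.version)
            if not trusted:
                findings.append((i, f"admin port {port} open to untrusted source {peer}"))
        elif is_public and port not in intent["public_ports"]:
            # Public ingress only for ports the intent names.
            findings.append((i, f"public ingress on port {port} not in intent"))
    return findings

if __name__ == "__main__":
    for index, finding in audit(RULES, INTENT):
        print(f"rule {index}: {finding}")
```

Running the audit after each topology change turns the review into a repeatable check: an empty result means every rule is covered by the stated intent.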