Barrack API Documentation

Firewall Rules

Firewall rules define what network traffic is allowed to and from your virtual machines.
Each firewall rule consists of several components that work together to control network traffic:

Traffic Direction (Direction Control)
  • Ingress: Incoming traffic to your VM
  • Egress: Outgoing traffic from your VM
  • Rules can be specific to direction
  • Different rules may apply for each direction

Protocol Specification (Protocol Types)
  • TCP: Reliable connection-based protocols
  • UDP: Connectionless, fast protocols
  • ICMP: Network diagnostic and control messages
  • Protocol determines available configuration options

Core Rule Elements

  • Direction
  • Protocol
  • IP Version

Direction: Traffic Flow Control

Ingress (Incoming)
  • Controls traffic coming into your VM
  • Typical for services your VM provides
  • Examples: Web servers, databases, SSH access
  • Source IP restrictions apply to incoming connections

Egress (Outgoing)
  • Controls traffic leaving your VM
  • Typical for services your VM consumes
  • Examples: API calls, database connections, internet access
  • Destination IP restrictions apply to outgoing connections

Adding Firewall Rules

To add a rule to an existing firewall:

  1. Access Rule Management: Open the firewall details page, or click the "Add Rule" button on the firewall card.
  2. Configure Direction: Select the traffic direction:
     • Ingress: For incoming traffic (most common)
     • Egress: For outgoing traffic
  3. Select Protocol: Choose the appropriate protocol:
     • TCP: For web services, SSH, databases
     • UDP: For DNS, streaming, real-time applications
     • ICMP: For ping and network diagnostics
  4. Set IP Version: Choose the IP version:
     • IPv4: Standard choice for most applications
     • IPv6: For modern applications requiring IPv6
  5. Configure IP Range: Enter the remote IP range in CIDR format:
     • Specific IP: 203.0.113.1/32
     • IP Range: 192.168.1.0/24
     • All IPs: 0.0.0.0/0 (IPv4) or ::/0 (IPv6)
  6. Set Port Range (TCP/UDP only): For TCP and UDP protocols, specify port ranges:
     • Single Port: Set both min and max to the same value
     • Port Range: Set minimum and maximum ports
     • Port Numbers: Must be between 1 and 65535
  7. Save Rule: Click "Add Rule" to save the configuration.
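The constraints from steps 2 to 6 can be checked before a rule is submitted. The validator below is an added example, not Barrack code; the dict keys (direction, protocol, ip_version, remote_cidr, port_min, port_max) are hypothetical names, and requiring an explicit prefix length is an assumption based on the CIDR examples in step 5.

```python
import ipaddress

PORT_PROTOCOLS = {"tcp", "udp"}            # step 6: port ranges apply to TCP/UDP only
PROTOCOLS = PORT_PROTOCOLS | {"icmp"}
IP_VERSIONS = {"ipv4": 4, "ipv6": 6}

def _valid_port(p):
    # bool is a subclass of int in Python, so reject it explicitly
    return isinstance(p, int) and not isinstance(p, bool) and 1 <= p <= 65535

def validate_rule(rule):
    """Return a list of problems; an empty list means the rule is well-formed.

    `rule` uses hypothetical keys, not the Barrack API schema.
    """
    errors = []
    if rule.get("direction") not in {"ingress", "egress"}:
        errors.append("direction must be ingress or egress")
    proto = rule.get("protocol")
    if proto not in PROTOCOLS:
        errors.append("protocol must be tcp, udp or icmp")
    version = IP_VERSIONS.get(rule.get("ip_version"))
    if version is None:
        errors.append("ip_version must be ipv4 or ipv6")
    cidr = str(rule.get("remote_cidr", ""))
    try:
        if "/" not in cidr:                # assumption: prefix length is mandatory
            raise ValueError("missing prefix length")
        net = ipaddress.ip_network(cidr, strict=False)
        if version is not None and net.version != version:
            errors.append(f"{cidr} is not an IPv{version} range")
    except ValueError as exc:
        errors.append(f"remote_cidr is not valid CIDR: {exc}")
    lo, hi = rule.get("port_min"), rule.get("port_max")
    if proto in PORT_PROTOCOLS:
        if not (_valid_port(lo) and _valid_port(hi)):
            errors.append("port_min and port_max must be integers in 1-65535")
        elif lo > hi:
            errors.append("port_min must not exceed port_max")
    elif proto == "icmp" and (lo is not None or hi is not None):
        errors.append("icmp rules take no port range")
    return errors

if __name__ == "__main__":
    # Constructed sample: SSH from a single documentation-range address
    sample = {"direction": "ingress", "protocol": "tcp", "ip_version": "ipv4",
              "remote_cidr": "203.0.113.1/32", "port_min": 22, "port_max": 22}
    print(validate_rule(sample) or "rule is valid")
```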

Port Range Specifications

For TCP and UDP protocols, you must configure port access:

Port Configuration Requirements

Common Port Configurations

Single Ports
Port Ranges
Well-Known Ports
Specific Service Ports

| Service | Protocol | Port | Min/Max Setting |
|---|---|---|---|
| SSH | TCP | 22 | Min: 22, Max: 22 |
| HTTP | TCP | 80 | Min: 80, Max: 80 |
| HTTPS | TCP | 443 | Min: 443, Max: 443 |
| MySQL | TCP | 3306 | Min: 3306, Max: 3306 |
| PostgreSQL | TCP | 5432 | Min: 5432, Max: 5432 |
| Redis | TCP | 6379 | Min: 6379, Max: 6379 |

IP Range Validation

Remote IP ranges must follow CIDR notation for proper network specification:

IPv4 CIDR Examples

IPv6 CIDR Examples

CIDR Validation Rules

IPv4 Validation
IPv6 Validation

Common Rule Configurations

Web Server Rules

Basic Web Server
API Server
HTTP/HTTPS Traffic

| Purpose | Direction | Protocol | Port | Remote IP | Use Case |
|---|---|---|---|---|---|
| Public HTTP | Ingress | TCP | 80 | 0.0.0.0/0 | Public website |
| Public HTTPS | Ingress | TCP | 443 | 0.0.0.0/0 | Secure website |
| SSH Access | Ingress | TCP | 22 | Your IP/32 | Server management |
| Health Check | Ingress | TCP | 80 | Load balancer IP | Monitoring |

Database Server Rules

MySQL Database
PostgreSQL Database

Application-Specific Rules

Jupyter Notebook
Docker Registry
Monitoring Services

Data Science Environment
  • Purpose: Jupyter Web Interface
  • Direction: Ingress
  • Protocol: TCP
  • Port: 8888
  • Remote IP: Your IP address or trusted network
  • Security: Use strong password and HTTPS

Network Diagnostic Rules

ICMP Rules (Network Diagnostics)

Ping Access:
  • Direction: Ingress
  • Protocol: ICMP
  • IP Range: Your network or 0.0.0.0/0
  • Use: Network connectivity testing

Traceroute Support:
  • Essential for network troubleshooting
  • Helps diagnose connectivity issues
  • Useful for performance analysis

Management Access (Administrative Access)

SSH Access:
  • Direction: Ingress
  • Protocol: TCP
  • Port: 22
  • IP Range: Admin IPs only
  • Use: Secure server management

VPN Access:
  • Consider VPN for enhanced security
  • Reduces public IP exposure
  • Centralized access control

Security Best Practices

Rule Design Principles

  1. Start Restrictive: Begin with the most restrictive rules and gradually open access as needed
  2. Document Purpose: Add clear descriptions to rules explaining their purpose and requirements
  3. Use Specific IPs: Avoid 0.0.0.0/0 unless public access is truly required
  4. Regular Review: Periodically audit rules and remove unnecessary access
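A periodic review of a rule set against these principles can be scripted. The audit below is an added example, not Barrack tooling; the rule keys and the `description` field name are hypothetical, and the port lists are taken from the tables on this page (80/443 as public web ports; SSH, database and Jupyter ports as restricted-source services).

```python
import ipaddress

# Services this page pairs with a restricted source (grouping is an assumption).
RESTRICTED = {22: "SSH", 3306: "MySQL", 5432: "PostgreSQL", 6379: "Redis", 8888: "Jupyter"}
PUBLIC_OK = {80, 443}  # the page's "Public HTTP" / "Public HTTPS" rows

def audit_rules(rules):
    """Return (rule_index, finding) pairs for rules that break the principles above."""
    findings = []
    for i, r in enumerate(rules):
        if not r.get("description", "").strip():
            findings.append((i, "no description"))
        if r["direction"] != "ingress" or r["protocol"] == "icmp":
            continue  # only port-based ingress exposure is audited here
        if ipaddress.ip_network(r["remote_cidr"], strict=False).prefixlen != 0:
            continue  # source already narrowed to a specific range
        ports = range(r["port_min"], r["port_max"] + 1)
        exposed = [name for port, name in RESTRICTED.items() if port in ports]
        if exposed:
            findings.append((i, "open to any address: " + ", ".join(exposed)))
        elif not all(p in PUBLIC_OK for p in ports):
            findings.append((i, "non-web ports open to any address"))
    return findings

def _rule(proto, cidr, lo=None, hi=None, description=""):
    # Helper for building the constructed samples below (hypothetical field names).
    return {"direction": "ingress", "protocol": proto, "remote_cidr": cidr,
            "port_min": lo, "port_max": hi, "description": description}

# Constructed sample rule set, not taken from a real account.
SAMPLE_RULES = [
    _rule("tcp", "0.0.0.0/0", 443, 443, "public HTTPS"),
    _rule("tcp", "0.0.0.0/0", 22, 22, "admin SSH"),
    _rule("tcp", "::/0", 3000, 9000),
    _rule("tcp", "203.0.113.1/32", 22, 22, "admin SSH from office"),
    _rule("icmp", "0.0.0.0/0", description="ping"),
    _rule("tcp", "0.0.0.0/0", 8080, 8080, "internal app"),
]

if __name__ == "__main__":
    for index, finding in audit_rules(SAMPLE_RULES):
        print(f"rule {index}: {finding}")
```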

Common Security Mistakes

Rule Testing and Validation

Testing New Rules
Troubleshooting Rules