ByteInternet · tdgroot · Apr 1, 2025 · Jan 17, 2025 · Feb 7, 2025 · Mar 4, 2025
diff --git a/docs/best-practices/firewall.md b/docs/best-practices/firewall.md
@@ -0,0 +1,75 @@
+---
+myst:
+  html_meta:
+    description: How can you whitelist an IP address
+    title: Firewall
+---
+
+# Firewall
+
+In the text below we will explain how you can add an IP to the whitelist by using the control panel or CLI (command-line interface). Whitelisting an IP can be for multiple reasons like, connecting via FTP, connecting to a database or for security scans like ForusP.
+
+## Adding IP Addresses in the allowlist via the control panel for FTP, WAF and database
+
+Follow these steps to whitelist an IP addresses for FTP:
+
+- Go to the [control panel](https://my.hypernode.com)
+- Log in with your credentials
+- Once logged in, select the Hypernode you wish to configure
+- Click on **Allowlist** from the menu
+- Select **Rule type** and choose here for example **FTP** from the dropdown
+- Enter the IP address you want to add to the whitelist
+- Provide a descriptive name for the entry for example **OfficeArnhem**. Use descriptive names when adding entries to help identify their purpose in the future.
+- Click on **Save** to apply the changes
+
+### Adding IP Addresses by using CLI
+
+For users comfortable with the CLI, you can add the IP addresses directly on the server. This requires logging into the server using SSH.
+
+```bash
+hypernode-systemctl whitelist add ftp 1.2.3.4 --description "OfficeArnhem"
+```
+
+If you want to remove an added registration, use the command below:
+
+```bash
+hypernode-systemctl whitelist remove ftp 1.2.3.4
+```
+
+## How to add ForusP to the whitelist
+
+To ensure that ForusP can perform their scan on your Hypernode without anyissues, the IP addresses associated with ForusP must be added to the Hypernode Web Application Firewall (WAF). The WAF acts as a layer of protection by filtering incoming traffic and blocking potential threats. Adding the necessary IP addresses to the allowlist ensures that the scanning process runs smoothly without interruptions. You can achieve this by either using the Hypernode Control Panel or by executing commands directly on the server using the command-line interface (CLI).
+
+### Adding IP Addresses in the allowlist via the Control Panel
+
+Follow these steps to add ForusP's IP addresses using the Hypernode Control Panel:
+
+- Go to to my.hypernode.com
+- Log in with your credentials
+- Once logged in, select the Hypernode you wish to configure
+- Click on **Allowlist** from the menu
+- Select **Rule type** and choose **WAF** from the dropdown
+- Enter the IP address you want to allow
+  IP addresses ForusP: **154.16.73.227** | **132.226.222.205** | **144.24.249.196**
+- Provide a descriptive name for the entry for example ForusP. Use descriptive names when adding entries to help identify their purpose in the future.
+- Click on **Save** to apply the changes
+
+Repeat the steps above to add the others. The IP addresses you add will become active within a few minutes, allowing ForusP to access your Hypernode environment without being blocked by the firewall.
+
+### Adding IP Addresses by using CLI
+
+For users comfortable with the command-line interface, you can add the IP addresses directly on the server. This requires logging into the server using SSH. Follow these steps:
+
+```bash
+hypernode-systemctl whitelist add waf 154.16.73.227 --description "ForusP"
+```
+
+```bash
+hypernode-systemctl whitelist add waf 132.226.222.205 --description "ForusP"
+```
+
+```bash
+hypernode-systemctl whitelist add waf 144.24.249.196 --description "ForusP"
+```
+
+By following the steps outlined above, you can ensure that ForusP has the necessary access to perform scans on your Hypernode environment without encountering any firewall-related issues. Proper configuration of the WAF helps maintain a secure and efficient system while allowing trusted services to operate seamlessly.