From 437246f631b92fa19cbc2524cb155496e3a79a4c Mon Sep 17 00:00:00 2001 From: Rocco B Date: Tue, 3 Jun 2025 08:18:30 -0700 Subject: [PATCH 1/3] Update firewall.md info about ports 8000, 6000, 6001 --- docs/knowledge-base/server/firewall.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/docs/knowledge-base/server/firewall.md b/docs/knowledge-base/server/firewall.md index 86aecf718..d976e6af1 100644 --- a/docs/knowledge-base/server/firewall.md +++ b/docs/knowledge-base/server/firewall.md @@ -22,6 +22,28 @@ For self-hosting Coolify, you need to allow some ports on your firewall. internet after installation. ::: +### How to block ports 8000, 6000, 6001 + +As long as you have access outside of http port 8000, uou can add the following `/data/coolify/source/docker-compose.custom.yml`: + +``` +services: + coolify: # blocks external 8000 + ports: !reset [] + soketi: # blocks external external 6001 and 6002 + ports: !reset [] +``` + +Then run [installation](https://coolify.io/docs/get-started/installation) again. You can check these ports with nmap from your local machine to be sure they're closed. + +``` +nmap -Pn -p 8000,6001,6002 +``` + +### Other options +You can use your vendor firewall (ex. Digital Ocean etc) as another layer of protection, because Docker apps sometimes break through. UFW unbeknownst to you. If you don't want to use vendor firewall, you can also try [ufw-docker](https://github.com/chaifeng/ufw-docker). + + ### GitHub integration - [Detailed Guide](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/about-githubs-ip-addresses). From 6dfeb7bc348dd6f8e2191f578efa8035f4a31b38 Mon Sep 17 00:00:00 2001 From: Rocco B Date: Tue, 3 Jun 2025 08:21:13 -0700 Subject: [PATCH 2/3] Update firewall.md --- docs/knowledge-base/server/firewall.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
diff --git a/docs/knowledge-base/server/firewall.md b/docs/knowledge-base/server/firewall.md index d976e6af1..a504b58e8 100644 --- a/docs/knowledge-base/server/firewall.md +++ b/docs/knowledge-base/server/firewall.md @@ -30,7 +30,7 @@ As long as you have access outside of http port 8000, uou can add the following services: coolify: # blocks external 8000 ports: !reset [] - soketi: # blocks external external 6001 and 6002 + soketi: # blocks external 6001, 6002 ports: !reset [] ``` @@ -68,4 +68,3 @@ Since 4.0.0-beta.336, you need to allow TCP port `6002` for terminal access on ` If you need the public facing IPs to allow inbound connections to your servers, here is an up-to-date list of IPs that you can use to whitelist: - https://coolify.io/ipv4.txt -- https://coolify.io/ipv6.txt From f7bd9fa43281b388e240888285ba97f97d77cade Mon Sep 17 00:00:00 2001 From: Rocco B Date: Tue, 3 Jun 2025 08:22:33 -0700 Subject: [PATCH 3/3] Update firewall.md --- docs/knowledge-base/server/firewall.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/knowledge-base/server/firewall.md b/docs/knowledge-base/server/firewall.md index a504b58e8..c78ae6e2c 100644 --- a/docs/knowledge-base/server/firewall.md +++ b/docs/knowledge-base/server/firewall.md @@ -68,3 +68,4 @@ Since 4.0.0-beta.336, you need to allow TCP port `6002` for terminal access on ` If you need the public facing IPs to allow inbound connections to your servers, here is an up-to-date list of IPs that you can use to whitelist: - https://coolify.io/ipv4.txt +- https://coolify.io/ipv6.txt
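Review bot: In the section added by PATCH 1/3, the heading and the body disagree on which ports are covered: the heading (and the commit subject) says "8000, 6000, 6001", while the compose comments and the nmap line use 8000, 6001 and 6002. Pick one set and use it throughout. The verification command `nmap -Pn -p 8000,6001,6002` has no target, so it cannot be run as written; add a placeholder such as `<server-ip>`. The precondition "As long as you have access outside of http port 8000" should state concretely which other access path is meant, because `ports: !reset []` on `coolify` removes the published port 8000 and a reader without that path loses the dashboard. The same file already says, per the context line in the later hunk, "you need to allow TCP port `6002` for terminal access", so the new section should say how closing 6002 here relates to that requirement. In "Other options", "break through. UFW" has a stray full stop that splits the sentence.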
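Review bot: The first hunk of PATCH 2/3 corrects the doubled "external" in the `soketi` comment but leaves the typo visible in its own @@ context line, "uou can add the following". Change "uou" to "you" in the same edit, and fold this follow-up into PATCH 1/3 so the series does not add text that the next commit immediately corrects.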
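Review bot: The second hunk of PATCH 2/3 deletes `- https://coolify.io/ipv6.txt` from the IP list, which is unrelated to the port-blocking section, and PATCH 3/3 adds the identical line back. Neither commit message ("Update firewall.md") explains the change. If the intent is only an end-of-file newline adjustment, say so in the message; otherwise drop both hunks so that no intermediate commit publishes the page without the IPv6 list.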