Create Resources

Resources define subnets, IP addresses, or DNS names you wish to manage access for.

To create a Resource, go to Sites -> <site name> -> Add a Resource.

From there, you can select the type of Resource you want to create:

• DNS: A domain name pattern to match.
  • By default, the pattern will only match exactly the name you enter.
  • To recursively match all subdomains, use a wildcard, such as *.example.com. This will match example.com, sub2.example.com, and sub1.sub2.example.com.
  • To non-recursively match all subdomains, use a question mark, such as ?.example.com. This will match example.com, sub1.example.com, and sub2.example.com but not sub1.sub2.example.com.
• IP: A single IPv4 or IPv6 address
• CIDR: A range of IPv4 or IPv6 addresses in CIDR notation, such as 10.1.2.0/24 or 2001:db8::/48

You can specify optional port range(s) and protocols on the Resource for finer access control, useful for restricting certain services while allowing others. Supported protocols currently include ICMP, TCP, and UDP.

One popular use case for traffic restrictions is segmenting access to individual services on a host. To do this, simply create a Resource for each service on the host you want to allow access to, and add the appropriate traffic restrictions to each one.

For example, create an Resource with the TCP/22 restriction to allow SSH access for your DevOps team, then add another Resource with the TCP/443 restriction to allow access to an HTTPS service for the rest of your organization.