Commit e29208e

[Updated] Cloud Firewall docs for NodeBalancer functionality (linode#6716)
* [Updated] Cloud Firewall docs for NodeBalancer functionality
* [Updated] Update Cloud Firewall Status guide with new screenshots
1 parent fb45550 commit e29208e

22 files changed

+138
-93
lines changed

.vscode/settings.json

+3
@@ -0,0 +1,3 @@
1+
{
2+
"git.autorefresh": false
3+
}
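
Review bot: .vscode/settings.json is a personal editor preference ("git.autorefresh": false) and is unrelated to the Cloud Firewall documentation this commit updates. Drop the file from the change and keep local editor settings out of the repository, for example by ignoring .vscode/ locally, so the setting is not imposed on every contributor who opens the repo in VS Code.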

docs/products/compute/compute-instances/guides/troubleshooting-firewall-issues/index.md

+9-9
@@ -3,7 +3,7 @@ title: Troubleshooting Firewall Issues on Compute Instances
33
description: This guide presents troubleshooting strategies for Compute Instances that may be unresponsive due to issues caused by a firewall.
44
keywords: ["Linode troubleshooting", "Cloud Firewall", "Firewall","troubleshoot"]
55
published: 2020-08-04
6-
modified: 2023-03-14
6+
modified: 2023-11-01
77
modified_by:
88
name: Linode
99
bundles: ['troubleshooting']
@@ -38,24 +38,24 @@ Ensure that your Compute Instance is powered on and running.
3838

3939
## Is there a Cloud Firewall Assigned to my Compute Instance?
4040

41-
If you are using Cloud Firewall, then it's important to verify which Cloud Firewall(s) your Compute Instance is assigned to and to check its Cloud Firewall rules.
41+
If you are using Cloud Firewalls, then it's important to verify which Cloud Firewall(s) your Compute Instance is assigned to and to check its Cloud Firewall rules. Likewise, if your Compute Instance is sitting behind a NodeBalancer, you may want to investigate whether or not that NodeBalancer is assigned to any Cloud Firewalls. Note that only inbound rules apply to NodeBalancers.
4242

4343
1. Log into [Cloud Manager](https://cloud.linode.com) and select **Firewalls** from the menu.
4444

45-
1. The Firewalls Listing page displays a list of all the Cloud Firewalls currently active on your account.
45+
1. The Firewalls listing page displays a list of all the Cloud Firewalls currently active on your account.
4646

47-
1. Find the Compute Instance you are troubleshooting under the **Linodes** column to determine which Cloud Firewall(s) is assigned to it.
47+
1. Find the Compute Instance or NodeBalancer you are troubleshooting under the **Services** column to determine which Cloud Firewall(s) is assigned to it.
4848

49-
1. Next, check the **Status** column to confirm that the Cloud Firewalls is **Enabled**.
49+
1. Next, check the **Status** column to confirm that the Cloud Firewall is **Enabled**.
5050

51-
![firewall-home](firewall-listing-non-cmr.png)
51+
![firewall-home](firewall-listing-non-cmr.jpg)
5252

53-
1. If the Cloud Firewall is enabled, check what rules are currently active by clicking on the label of the Cloud Firewall. This takes you to your Cloud Firewall's **Rules** page.
53+
1. If the Cloud Firewall is enabled, check to see which rules are currently active by clicking on the label of the Cloud Firewall. This takes you to your Cloud Firewall's **Rules** page.
5454

55-
1. The **Rules** page displays a list of all of the Cloud Firewall rules that are filtering your Compute Instance's network traffic. If you notice that the Cloud Firewall rules do not allow traffic for a specific service's port that you are troubleshooting, you may consider [updating your rule's](/docs/products/networking/cloud-firewall/get-started/#edit-cloud-firewall-rules) to allow connections for that port.
55+
1. The **Rules** page displays a list of all of the Cloud Firewall rules that are filtering your service's network traffic. If you notice that the Cloud Firewall rules do not allow traffic for a specific service's port that you are troubleshooting, you may consider [updating your rule's](/docs/products/networking/cloud-firewall/get-started/#edit-cloud-firewall-rules) to allow connections for that port.
5656

5757
{{< note >}}
58-
If the Cloud Firewall is assigned to more than one Compute Instance, modifying the Cloud Firewall rules affect all Compute Instances assigned to the Cloud Firewall.
58+
If the Cloud Firewall is assigned to more than one Compute Instance or NodeBalancer, modifying the Cloud Firewall rules affect all services assigned to the Cloud Firewall.
5959
{{< /note >}}
6060

6161
{{< note >}}
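
Review bot: The new paragraph at line 41 tells the reader to check whether a NodeBalancer in front of the instance has a Cloud Firewall, but the steps never say what that firewall covers. The Limits list added to cloud-firewall/_index.md in this same commit states that inbound rules apply only to the NodeBalancer's public IP and not to the backend nodes, so someone troubleshooting an instance behind a NodeBalancer has to check both the NodeBalancer's firewall and the instance's own. Suggest adding that sentence here or linking to the Limits and Considerations section. Two wording problems also survive on lines this hunk touches: "updating your rule's" on line 55 should be "updating your rules", and "modifying the Cloud Firewall rules affect" on line 58 should read "affects".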

docs/products/networking/cloud-firewall/_index.md

+10-8
@@ -3,39 +3,41 @@ title: Cloud Firewall
33
title_meta: "Cloud Firewall Product Documentation"
44
description: "Linode Cloud Firewall offers a simple interface to protect your web apps. It is scalable security in seconds, allowing you to create custom firewall rules, making security more accessible."
55
bundles: ['debian-security', 'centos-security', 'network-security']
6-
modified: 2022-07-13
6+
modified: 2023-11-01
77
tab_group_main:
88
is_root: true
99
title: Overview
1010
weight: 10
1111
cascade:
1212
date: 2020-11-10
13-
product_description: "A free cloud-based firewall service that makes it easy to secure network traffic to and from Compute Instances."
13+
product_description: "A free cloud-based firewall service that makes it easy to secure network traffic."
1414
aliases: ['/guides/platform/cloud-firewall/','/platform/cloud-firewall/']
1515
---
1616

17-
Linode’s Cloud Firewall is a robust cloud-based firewall solution available at no additional charge for Linode customers. Through this service, you can create, configure, and add stateful network-based firewalls to any Linode Compute Instance.
17+
Linode’s Cloud Firewall service is a robust cloud-based firewall solution available at no additional charge for Linode customers. Through this service, you can create, configure, and add stateful network-based firewalls to Linode Compute Instances and NodeBalancers.
1818

1919
## Enhanced Security
2020

21-
A Cloud Firewall sits between a Compute Instance and the Internet and can be configured to filter out unwanted network traffic before it even reaches your server. Defend your apps and services from malicious attackers by creating rules to only allow traffic from trusted sources. Firewall rules can filter traffic at the network layer, providing fine-grained control over who can access your servers.
21+
A Cloud Firewall sits between a service (Compute Instance or NodeBalancer) and the Internet and can be configured to filter out unwanted network traffic before it even reaches your server. Defend your apps and services from malicious attackers by creating rules to only allow traffic from trusted sources. Firewall rules can filter traffic at the network layer, providing fine-grained control over who can access your servers.
2222

2323
## Simple Interface
2424

25-
Control inbound and outbound traffic using the [Linode API](/docs/api/networking), [Linode CLI](/docs/products/tools/cli/get-started/) or [Cloud Manager](https://www.linode.com/products/cloud-manager/). Each interface can be integrated into your workflow for seamless control over firewall rules. Cloud Firewall make security more accessible and enables you to secure your network traffic without needing to learn complicated software or even access the command line.
25+
Control inbound and outbound traffic using the [Linode API](/docs/api/networking), [Linode CLI](/docs/products/tools/cli/get-started/) or [Cloud Manager](https://www.linode.com/products/cloud-manager/). Each interface can be integrated into your workflow for seamless control over firewall rules. The Cloud Firewall service makes security more accessible and enables you to secure your network traffic without needing to learn complicated software or access the command line.
2626

2727
## Scalable Security in Seconds
2828

29-
Stay protected as your network grows. Effortlessly apply the same ruleset across multiple Compute Instances. This saves time as you no longer need to manually configure internal software on each server.
29+
Stay protected as your network grows. Effortlessly apply the same ruleset across multiple Compute Instances and NodeBalancers. This saves time as you no longer need to manually configure internal software on each server.
3030

3131
## Pricing and Availability
3232

3333
Cloud Firewalls are available at no charge across [all regions](https://www.linode.com/global-infrastructure/).
3434

3535
## Limits and Considerations
3636

37-
- Cloud Firewalls are **compatible with all Linode Compute Instances**. They are not currently directly supported on other Linode services, such as NodeBalancers or Object Storage.
38-
- A Cloud Firewall can be attached to multiple Compute Instances but a Compute Instance can only be attached to one *active* (enabled) Cloud Firewall at a time.
37+
- Cloud Firewalls are **compatible with Linode Compute Instances and NodeBalancers**. They are not currently directly supported on other Linode services, such as Object Storage.
38+
- A Cloud Firewall can be attached to multiple services (Compute Instances or NodeBalancers), but a service can only be attached to one *active* (enabled) Cloud Firewall at a time.
39+
- A Cloud Firewall’s inbound and outbound rules are applied to Compute Instances, but only inbound rules are applied to NodeBalancers.
40+
- When used in conjunction with NodeBalancers, a Cloud Firewall’s inbound rules only apply to the NodeBalancer's public IP, not the IPs of the backend nodes. This means you may also want to add individual backend nodes to a Cloud Firewall to protect any additional exposed IP addresses.
3941
- Cloud Firewall rules are applied to traffic over the public and private network but are not applied to traffic over a private [VLAN](/docs/products/networking/vlans/).
4042
- A maximum of **25 rules** can be added to each Cloud Firewall (both Inbound and Outbound rules combined).
4143
- A maximum of **255 IP addresses (and ranges)** can be added to each Cloud Firewall rule.
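
Review bot: The rewritten Enhanced Security paragraph (line 21) says the firewall filters traffic "before it even reaches your server", which overstates coverage for a NodeBalancer given the new Limits bullet on line 40: rules apply only to the NodeBalancer's public IP, and backend nodes with their own exposed addresses are not covered. Suggest qualifying that sentence or pointing to Limits and Considerations from it, so the overview does not leave readers assuming their backends are filtered. The Simple Interface paragraph (line 25) still opens with "Control inbound and outbound traffic" without qualification; since line 39 says outbound rules are not applied to NodeBalancers, a short parenthetical there would keep the page consistent.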

docs/products/networking/cloud-firewall/get-started/index.md

+13-5
@@ -7,27 +7,35 @@ tab_group_main:
77
aliases: ['/platform/cloud-firewall/getting-started-with-cloud-firewall/','/guides/getting-started-with-cloud-firewall/']
88
keywords: ["firewall", "cloud firewall", "security", "securing"]
99
tags: ["cloud manager","linode platform","security","networking"]
10-
modified: 2022-07-14
10+
modified: 2023-11-01
1111
---
1212

13-
Linode's free Cloud Firewall service can be used to create, configure, and add stateful network-based firewalls to Linode services. A Cloud Firewall is independent of the service it is attached to and can be applied to multiple services.
13+
Linodes free Cloud Firewall service can be used to create, configure, and add stateful network-based firewalls to Linode services. A Cloud Firewall is independent of the service it is attached to and can be applied to multiple services. Cloud Firewalls are compatible with Linode Compute Instances and NodeBalancers.
1414

1515
## Create a Cloud Firewall
1616

17-
There are two main options to consider when deciding how to protect your Linode Compute Instances: installing a firewall software on your system or using Linode's Cloud Firewall service. While both are robust solutions, a major benefit to using Cloud Firewalls is the ease of configuration. Cloud Firewalls can be created and managed through the Cloud Manager, Linode CLI, or Linode API.
17+
There are two main options to consider when deciding how to protect your Linode Compute Instances: installing firewall software on your system or using Linode's Cloud Firewall service. While both are robust solutions, a major benefit to using Cloud Firewalls is the ease of configuration. Cloud Firewalls can be created and managed through the Cloud Manager, Linode CLI, or Linode API.
1818

1919
- [Create a Cloud Firewall](/docs/products/networking/cloud-firewall/guides/create-a-cloud-firewall/)
2020

2121
- [Comparing Cloud Firewalls to Linux Firewall Software](/docs/products/networking/cloud-firewall/guides/comparing-firewalls/)
2222

23+
{{< note >}}
24+
NodeBalancers do not support the installation of firewall software. If you wish to configure inbound firewall rules for your NodeBalancer, we recommend using the Cloud Firewall service.
25+
{{< /note >}}
26+
2327
## Manage Firewall Rules
2428

2529
A Cloud Firewall analyzes traffic against a set of user-defined rules. The firewall can be configured to implicitly *accept* or *drop* all *inbound* or *outbound* traffic. Individual rules can be added to further accept or drop specific traffic, such as over certain ports or to/from a certain IP address.
2630

2731
- [Manage Cloud Firewall Rules](/docs/products/networking/cloud-firewall/guides/manage-firewall-rules/)
2832

33+
{{< note >}}
34+
Outbound firewall rules are not applied to NodeBalancers.
35+
{{< /note >}}
36+
2937
## Apply to Compute Instances
3038

31-
To start using a Cloud Firewall to protect your services, you can apply it to Compute Instances. Each Cloud Firewall can be applied to multiple Compute Instances, but a Compute Instance can only belong to a single Cloud Firewall.
39+
To start using a Cloud Firewall to protect your services, you can apply it to Compute Instances or NodeBalancers. Each Cloud Firewall can be applied to multiple services, but a service can only belong to a single Cloud Firewall.
3240

33-
- [Apply a Cloud Firewall to a Compute Instance](/docs/products/networking/cloud-firewall/guides/apply-to-compute-instances/)
41+
- [Apply a Cloud Firewall to a Service](/docs/products/networking/cloud-firewall/guides/apply-to-service/)
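
Review bot: The heading "## Apply to Compute Instances" (line 37) is left as unchanged context while the paragraph and link beneath it now cover NodeBalancers and point to apply-to-service/. Rename it to match, for example "Apply to a Service", and check for inbound links to the old anchor. On line 13 the change also turns "Linode's" into "Linodes", which drops the possessive apostrophe. Finally, line 39 says a service "can only belong to a single Cloud Firewall", while cloud-firewall/_index.md in this commit says one *active* (enabled) Cloud Firewall at a time; the two pages should state the same limit.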

docs/products/networking/cloud-firewall/guides/apply-to-compute-instances/index.md

-32
This file was deleted.
@@ -0,0 +1,33 @@
1+
---
2+
title: "Apply Firewall Rules to a Service"
3+
description: "Learn how to add and remove services from Cloud Firewalls."
4+
aliases: ['/products/networking/cloud-firewall/guides/assign-firewall/', '/products/networking/cloud-firewall/guides/apply-to-compute-instances/']
5+
authors: ["Linode"]
6+
modified: 2023-11-01
7+
---
8+
9+
Each Cloud Firewall can be applied to multiple services (Compute Instances or NodeBalancers). Use the steps below to view and modify the services utilizing a Cloud Firewall.
10+
11+
1. Log into your [Cloud Manager](https://cloud.linode.com/) and select **Firewalls** from the navigation menu.
12+
13+
1. From the **Firewalls** listing page, click on the Cloud Firewall that you would like to use. This takes you to the **Rules** page for that Firewall.
14+
15+
1. Click either the **Linodes** or **NodeBalancers** tab to see a list of the respective services currently using the Cloud Firewall.
16+
17+
![Screenshot of the list of Compute Instances attached to the Cloud Firewall](compute-instances-attached-to-firewall.jpg)
18+
19+
## Add a Service
20+
21+
To add a service to this firewall, select either the **Linodes** or **NodeBalancers** tab, and click on the **Add Linodes/NodeBalancers to Firewall** button. In the form that appears, select the desired service from the dropdown menu and click **Add**. Once added, all rules configured on the Cloud Firewall are applied to the selected service. Note that only inbound rules are applied to NodeBalancers.
22+
23+
{{< note >}}
24+
You can apply the Cloud Firewall to more than one Linode service at a time. Repeat this process to add additional Compute Instances or NodeBalancers.
25+
{{< /note >}}
26+
27+
{{< note type="alert" >}}
28+
If [Network Helper](/docs/products/compute/compute-instances/guides/network-helper/) has been disabled on your Compute Instance and the internal networking configuration uses DHCP for IPv4 address assignment, some additional firewall rules are necessary. You must edit the Cloud Firewall to allow DHCP traffic through port 67 and 68. If needed, a full list of IP addresses for our DHCP servers can be found in our [DHCP IP Address Reference Guide](/docs/guides/dhcp-ip-address-reference/).
29+
{{< /note >}}
30+
31+
## Remove a Service
32+
33+
To remove a Compute Instance or NodeBalancer, locate the service within the list and click the **Remove** link. Once removed, the rules configured on the Cloud Firewall are no longer applied to the service and, as such, the service may be less protected against malicious traffic or attacks.
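
Review bot: The "Add a Service" paragraph (line 21) notes that only inbound rules apply to NodeBalancers but omits the other caveat this commit adds to the overview page: those inbound rules cover only the NodeBalancer's public IP, not the backend nodes. This is the guide a user follows when attaching a NodeBalancer, so it should say that backend Compute Instances need to be added to a Cloud Firewall separately if they have exposed addresses. In the alert on line 28, "port 67 and 68" gives no protocol; DHCP uses UDP, and saying so avoids rules being written for TCP. The screenshot alt text and file name on line 17 describe only Compute Instances although step 3 refers to both the **Linodes** and **NodeBalancers** tabs. The title "Apply Firewall Rules to a Service" also differs from the link text "Apply a Cloud Firewall to a Service" used in get-started/index.md.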
