In cloud hosting, a firewall acts as a gatekeeper — controlling all inbound and outbound traffic to your server instances. It filters based on IP addresses, protocol (TCP/UDP), and port numbers, allowing only intended traffic (e.g. HTTP/HTTPS, SSH) and blocking everything else. This reduces attack surface, mitigates brute-force or port-scanning attacks, and protects sensitive services (databases, admin ports) from public exposure.