Instructions for configuring Firewall rules for virtual servers in the HostRooster control panel.
What it is?
You are able to control network data packets and access to the server by using the firewall directly from the control panel. The price of the server includes this option and is not charged separately.
At the moment there is a limit of 50 rules, if this limit is not enough for you, then you can increase it upon request to technical support .
To avoid conflicting firewall rules and properly configure it, you need to understand how existing firewalls work. First, you can set up a firewall for the private network. Secondly, for the server through the control panel. Thirdly, you can set up an internal firewall, for example, for Linux via iptables, for Windows – built-in.
For incoming packets, the network layer firewall (if any) will be applied first. If the packet passed, then the firewall at the server level will be applied next, the internal software mechanism will be used last. For outgoing packets, the reverse sequence will be applied.
We do not recommend using a server-level firewall and an internal software firewall at the same time:
Create a rule
The firewall configuration is available for all VPS and is located in the server settings in the Firewall section.
– the order of the rules matters, the lower the order number of the rule (the higher it is in the list), the higher its priority. You can change the sequence of rules using Drag and Drop by dragging the rule with the left mouse button to the desired position;
– by default – all data packets, both incoming and outgoing, are allowed.
To create a rule, click the Add button :
You will see a window for adding a rule. The following fields must be filled in:
- Name – user-friendly name (no more than 50 characters), as a rule, briefly describes the purpose of the rule;
- Direction – the direction of the packets for which you want to apply the rule, takes one of two values: Incoming or Outgoing. Incoming – the rule applies to incoming data packets, Outgoing – to outgoing ones;
- Source/Destination – depending on the direction, contains the server IP address or one of the following values: IP address, CIDR, IP address range, and any;
- SourcePort/DestinationPort – when choosing the TCP, UDP or TCP and UDP protocol, it is possible to specify a port, a range of ports, or Any;
- Action – the action to be applied takes one of two values: Allow or Deny. Allow – permission to send data packets, Deny – prohibition of forwarding;
- Protocol – protocol type, available ANY, TCP, UDP, TCP and UDP and ICMP.
Click Save to create the rule .
In our example, the rule blocks all incoming packets to the server:
For the created rule to take effect, you must save the changes using the Save button . You can create multiple rules and then save them all at once:
After that, the page will look like this:
The lower the rule number (the higher it is in the list), the higher its priority. For example, after a deny rule has been created for all incoming traffic, let’s create a rule allowing incoming packets to be received on port 80 of the Tcp protocol. After saving the changes with this configuration, this port will still be unavailable, due to the fact that the deny rule has a higher priority:
To change the priority of the rules, drag the allowing rule to the first position with the left mouse button and save the changes:
After saving, the sequence numbers of the rules will change, and their priority will also change:
Now the firewall configuration allows you to receive packets via the Tcp protocol on port 80, other packets will not go through.
HostRooster is a leading web hosting solutions company. Since our founding in 2019, HostRooster has continually innovated new ways to deliver on our mission: to empower people to fully harness the web. Based in London, England, we provide comprehensive tools to users throughout the world so anyone, novice or pro, can get on the web and thrive with our web hosting packages.