How to use the integrated firewall on a VPS LXC?
The VPS LXC offer includes a firewall integrated directly into our panel. It lets you create rules without the risk of locking yourself out of your server with a wrong command.
First, open the management panel of your VPS LXC, then click the Firewall tab in the Additional Tools sub-menu.
All the firewall rules that already exist for your VPS are then displayed; if you have none, the list is empty.
To set up a new rule, click Add and fill in the following fields:
Direction: in or out
    Does your rule concern an incoming or outgoing flow from your VPS?
Action: accept, drop or reject
    In most cases, choose accept to allow a flow, and drop or reject to refuse it.
    Both drop and reject block an incoming connection. Drop blocks the flow without sending any response to the sender; reject notifies the sender that the flow was refused.
Interface: venet or net0
    For flows outside your VPS, choose net0.
Source: source IP or CIDR block (example: 192.168.1.1 or 192.168.0.0/24)
Destination: destination IP or CIDR block (example: 192.168.1.1 or 192.168.0.0/24)
Macro: lets you choose a port from a known list
Protocol: protocol of the connection to be blocked (leave blank for all)
Source port: source port
Destination port: destination port
Comment: a note to help you find your way around your rules
Then click on Add to add the rule to your firewall.
Example of a rule
Protect SSH access to your VPS:
Direction: In
Action: DROP
Interface: net0
Source: 0.0.0.0/0
Destination port: 22
Protocol: TCP
0.0.0.0/0 matches every IPv4 address.
It is essential to also create a rule that accepts SSH traffic from an authorized IP, so that you can still access the VPS server.
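The example rule and the warning above can be checked on paper before clicking Add. The sketch below is an added example, not code from the panel: it models rules with the fields listed on this page and reports the verdict for SSH from an admin address and from any other address. It assumes the firewall reads rules top to bottom and stops at the first match, and that unmatched traffic is accepted; ADMIN_IP and OTHER_IP are constructed documentation addresses.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    direction: str            # "in" or "out"
    action: str               # "ACCEPT", "DROP" or "REJECT"
    interface: str            # "net0" or "venet"
    source: str               # IP or CIDR block
    protocol: Optional[str]   # None = left blank = all protocols
    dest_port: Optional[int]  # None = any destination port
    comment: str = ""

def matches(rule, direction, interface, src_ip, protocol, dest_port):
    """True if the packet fits every field the rule specifies."""
    net = ipaddress.ip_network(rule.source, strict=False)
    return (rule.direction == direction
            and rule.interface == interface
            and ipaddress.ip_address(src_ip) in net
            and rule.protocol in (None, protocol)
            and rule.dest_port in (None, dest_port))

def verdict(rules, src_ip, dest_port=22, protocol="tcp",
            direction="in", interface="net0", default="ACCEPT"):
    """Assumption: rules are read top to bottom, the first match decides."""
    for rule in rules:
        if matches(rule, direction, interface, src_ip, protocol, dest_port):
            return rule.action
    return default  # assumption: policy applied when no rule matches

ADMIN_IP = "203.0.113.10"   # constructed documentation address
OTHER_IP = "198.51.100.7"   # constructed documentation address

allow_admin = Rule("in", "ACCEPT", "net0", ADMIN_IP, "tcp", 22, "SSH from admin")
drop_ssh = Rule("in", "DROP", "net0", "0.0.0.0/0", "tcp", 22, "block SSH")

def audit(rules):
    """Return (admin verdict, everyone-else verdict) for SSH on net0."""
    return verdict(rules, ADMIN_IP), verdict(rules, OTHER_IP)

if __name__ == "__main__":
    for name, rules in [("accept then drop", [allow_admin, drop_ssh]),
                        ("drop only", [drop_ssh]),
                        ("drop then accept", [drop_ssh, allow_admin])]:
        print(name, audit(rules))
```

If audit() returns DROP for your own address, applying that ruleset would cut off your SSH access.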
Updated on: 17/10/2022