CityHost.UA
Help and support

How to configure Firewall?

 

The firewall runs directly on the root host machine or on the router (in the case of dedicated servers), so it does not affect the performance of your server or its internal configuration.

 

— The firewall works on the principle that everything that is not blocked is allowed. That is, blocking rules have priority over unblocking rules.

— If a specific port is not blocked by the firewall, it is publicly available and does not need to be unblocked separately.

— By default, the firewall blocks only 2 custom ports: SSH (port 22) and RDP (port 3389).

— If a port is unavailable, check whether a service on the server is listening on that port and whether it is configured correctly.

 

To configure the firewall, go to your control panel - [control panel link] - [VDS/DS] - [MANAGEMENT] - [SERVER MANAGEMENT TAB]

 

 

At the bottom of the page you will find the [FIREWALL] control block.

 

 

Please note: rules set by the administrator are highlighted in red, and you cannot remove them yourself. These rules are set for two reasons:

— to increase protection (they do not affect the performance of services on the server)

— when a specific port needs to be blocked, for example, in case of attacks on the server

 


 

Description of settings [Firewall]

 

 

[1] [TRAFFIC TYPE] - INBOUND or OUTBOUND. For inbound traffic, the destination IP is the IP address of your server. For outbound traffic, the source IP is the IP address of your server;

[2] [PROTOCOL] - TCP or UDP. If set to [ALL], two rules will be added, one for TCP and one for UDP traffic;

[3] [SOURCE IP] or [DESTINATION IP] - for incoming traffic, you must specify the IP address from which the request is sent. For outgoing traffic, you must specify the IP address to which the request is sent. If you specify ALL, the rule will apply to the entire range of IPv4 addresses, that is, to all IP addresses.

[4] [DESTINATION PORT] - specify a specific port. If left blank, the rule will be added for the entire range of ports 1-65535.

[5] [CHOOSE A RULE] - ACCEPT or DROP traffic.

 

Please note: You can use a subnet mask when specifying the IP address. The maximum allowable mask is /16, which is equivalent to 65534 IP addresses of one range. For example, if you have an IP address of 84.246.80.111 and specify 84.246.0.0/16, the rule will work for the entire range of 65 thousand IP addresses.
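The settings above, modelled as an added Python example (not CityHost code; expand_rule and its dictionary fields are hypothetical names). It expands one panel entry into the rules it stands for and reports how many addresses each rule matches, which shows how much wider an ACCEPT for a /16 is than one for a single IP.

```python
import ipaddress

WIDEST_PREFIX = 16  # per the page, /16 is the widest range the panel accepts

def expand_rule(traffic, protocol, ip, port, action):
    """Expand one panel entry into the concrete rules it stands for."""
    if traffic not in ("INBOUND", "OUTBOUND"):
        raise ValueError("traffic type must be INBOUND or OUTBOUND")
    if protocol not in ("TCP", "UDP", "ALL"):
        raise ValueError("protocol must be TCP, UDP or ALL")
    if action not in ("ACCEPT", "DROP"):
        raise ValueError("rule must be ACCEPT or DROP")
    # [PROTOCOL] ALL adds two rules, one for TCP and one for UDP.
    protocols = ["TCP", "UDP"] if protocol == "ALL" else [protocol]
    if ip == "ALL":
        net = ipaddress.ip_network("0.0.0.0/0")  # entire IPv4 range
    else:
        # strict=False maps a host address plus mask onto its network,
        # e.g. 84.246.80.111/16 -> 84.246.0.0/16; no mask means one host (/32).
        net = ipaddress.ip_network(ip, strict=False)
        if net.version != 4:
            raise ValueError("the page describes IPv4 rules only")
        if net.prefixlen < WIDEST_PREFIX:
            raise ValueError(f"/{net.prefixlen} is wider than /{WIDEST_PREFIX}")
    # A blank [DESTINATION PORT] covers the whole range 1-65535.
    if port in (None, ""):
        ports = (1, 65535)
    else:
        number = int(port)
        if not 1 <= number <= 65535:
            raise ValueError("port must be between 1 and 65535")
        ports = (number, number)
    # Inbound rules match on the source IP, outbound rules on the destination IP.
    ip_field = "source" if traffic == "INBOUND" else "destination"
    return [
        {"traffic": traffic, "protocol": proto, ip_field: str(net),
         "ports": ports, "action": action, "addresses": net.num_addresses}
        for proto in protocols
    ]

if __name__ == "__main__":
    # Constructed comparison: SSH opened to one host versus a whole /16.
    for entry in ("84.246.80.111", "84.246.80.111/16"):
        for rule in expand_rule("INBOUND", "TCP", entry, "22", "ACCEPT"):
            print(rule["source"], rule["ports"], rule["action"],
                  "matches", rule["addresses"], "addresses")
```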

 


 

How to allow access via SSH

Port 22, Linux operating systems

 

 

[1] [TRAFFIC TYPE] - INBOUND TRAFFIC

[2] [PROTOCOL] - TCP

[3] [SOURCE IP] - Enter your IP or mask. You can find out your IP [at the link ip.cx.ua]

[4] [DESTINATION PORTS] - 22

[5] [CHOOSE A RULE] - ACCEPT 

Click the [ADD] button

 


 

How to allow access via RDP

Port 3389, Windows Remote Desktop

 

[1] [TRAFFIC TYPE] - INBOUND TRAFFIC

[2] [PROTOCOL] - TCP

[3] [SOURCE IP] - Enter your IP or mask. You can find out your IP [at the link ip.cx.ua]

[4] [DESTINATION PORTS] - 3389

[5] [CHOOSE A RULE] - ACCEPT

Click the [ADD] button