As you know, running a VPS or server on the Internet always carries security risks. Bots around the world are constantly "lurking", waiting for a Cloud Server to come online so they can immediately scan default service ports such as SSH and FTP and repeatedly attempt to guess passwords. There have been many cases where Cloud Servers used simple passwords like "root123" on the default SSH port, which quickly led to the Cloud Server being compromised and used as part of a botnet for outward attacks. This gives the Cloud Server's IP address a bad reputation, which affects the websites running on the Cloud Server and the service provider.
Configuring Firewall on members.vhost.vn
To configure the firewall, open the Cloud Server you want to protect in the management interface, then select the Network tab and choose Firewall.
- First, in the Options section, pay attention to three parameters: Enable Firewall, Input Policy, and Output Policy.
- Enable Firewall: Yes/No – Allows you to enable or disable the Cloud Server's firewall.
- Input Policy: ACCEPT/DROP – Allows or denies incoming connections from the outside to the Cloud Server.
- Output Policy: ACCEPT/DROP – Allows or denies outgoing connections from the Cloud Server to the outside.
Recommendation: For safe usage, vHost recommends setting the Input Policy to DROP and then configuring rules that allow the access the Cloud Server needs, in order to avoid potential security risks.
2. Set up a rule: In this guide, the rule is added while Enable Firewall is still set to No and Input Policy is set to DROP, so the DROP policy does not cut off your own access before an allow rule exists.
Then, create a rule by selecting Rules >> Add new rule.
- Interface >> net0: The default will be net0, which is the network card connected to the internet for the Cloud Server.
- Type >> IN: Allows connections from the outside to the Cloud Server.
- Macro: Various protocols such as HTTPS, SSH, POP3, etc., are available.
- Action >> ACCEPT: Allows the connection.
- Protocol: If the Macro is already configured, the Protocol section cannot be configured. If you do not wish to use predefined Macros, you can select the Protocol here as TCP or UDP, etc., and configure the Port in the Destination / Port section.
- Source / Port: Optional configuration to allow connections from one or multiple specific external IPs, and the connection port can also be customized. Leaving it blank means allowing connections from all IPs and ports from the outside.
- Destination / Port: Leaving the IP address field blank implies the IP of the Cloud Server, so it should remain empty. If you configured the Macro section, the Port can be left blank. If you configured the Protocol section, you need to enter the Port to allow connections from the Source / Port to a specific port on the Cloud Server.
In addition to manually configuring as instructed above, you can also use the pre-configured rule sets that vHost has already set up under Type -> Group in the Add New Rule section.
Similarly, you can create different rules depending on your needs.
Note: After creating the rules, you need to enable the firewall for the Cloud Server for the firewall configuration to take effect. Go to Network -> Firewall, then in the Options section, select Enable Firewall and switch it to Yes.
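A pre-check of a planned rule set before Enable Firewall is switched to Yes, as an added example that is not vHost's code: it models the Input Policy and the rule fields described above and reports a lock-out or an SSH rule left open to every source. The macro-to-port table, the first-match rule order, and the sample addresses are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Assumed macro-to-port mapping (standard ports; the panel's own macro table is not shown here).
MACROS = {"SSH": ("tcp", 22), "HTTPS": ("tcp", 443), "POP3": ("tcp", 110)}

@dataclass
class Rule:
    action: str = "ACCEPT"
    macro: str = ""         # when set, protocol and port come from the macro
    protocol: str = ""      # used only when no macro is selected
    dport: int = 0          # Destination / Port
    source: str = ""        # Source; blank means any external IP
    direction: str = "IN"   # Type

    def matches(self, src, proto, dport):
        want = MACROS[self.macro] if self.macro else (self.protocol, self.dport)
        if self.direction != "IN" or (proto, dport) != want:
            return False
        return not self.source or ipaddress.ip_address(src) in ipaddress.ip_network(self.source)

def verdict(rules, input_policy, src, proto, dport):
    """First matching IN rule decides (assumed order); otherwise the Input Policy applies."""
    for rule in rules:
        if rule.matches(src, proto, dport):
            return rule.action
    return input_policy

def audit(rules, input_policy, admin_ip):
    """Return findings to resolve before switching Enable Firewall to Yes."""
    findings = []
    if input_policy != "DROP":
        findings.append("Input Policy is not DROP: unlisted ports stay reachable")
    if verdict(rules, input_policy, admin_ip, "tcp", 22) != "ACCEPT":
        findings.append("SSH from the admin IP would be dropped (lock-out)")
    # 198.51.100.7 is a documentation address standing in for an arbitrary Internet host.
    if verdict(rules, input_policy, "198.51.100.7", "tcp", 22) == "ACCEPT":
        findings.append("SSH is open to all sources: fill in Source to restrict it")
    return findings

# Constructed sample rule sets (203.0.113.10 is a placeholder admin address).
open_ssh = [Rule(macro="SSH"), Rule(macro="HTTPS")]
scoped_ssh = [Rule(macro="SSH", source="203.0.113.10/32"), Rule(protocol="tcp", dport=8443)]

if __name__ == "__main__":
    for name, rules in (("open_ssh", open_ssh), ("scoped_ssh", scoped_ssh), ("no_rules", [])):
        print(name, audit(rules, "DROP", "203.0.113.10") or "ok")
```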
Conclusion
After completing the firewall configuration, your VPS will be better protected. With Input Policy set to DROP, only the connections your rules explicitly allow are accepted, and all other incoming connections from the outside are dropped.
If you need further assistance, please open a ticket with Customer Support or send an email to support@vhost.vn for help.