By default, the VPS firewall is enabled but has no rules, so all ports are open until you add restrictions.
All ports remain open, including SSH on port 22 for Linux and RDP on port 3389 for Windows.
If you want to secure your server, you can enable the firewall and control which connections are allowed.
First step in enabling the firewall
When you enable the firewall from your client area, it begins filtering traffic immediately. Once active, any port not explicitly allowed will follow your configured policy.
Before starting the firewall configuration, make sure you know how to access your VPS using the noVNC Console. Verify that access via the noVNC Console is working properly, and ensure you know the IP address from which you intend to connect to your VPS via SSH or RDP.
Select the desired VPS on which you want to enable the firewall and click Manage.
Go to Firewall Options in the left menu of your client area.
When starting firewall filtering, the first rule should be to deny all incoming and outgoing traffic on all ports.
Create the deny all incoming traffic rule
In the Firewall section, select Create Firewall Rule to open the rule form.
Fields explained
Type
Defines whether the rule applies to incoming or outgoing traffic.Action
Determines what happens when the rule matches the traffic, such as ACCEPT to allow it, Reject to deny it, and Drop to silently discard the traffic without any response .Interface
The network interface the rule applies to. For a VPS with a single IP address, keep the default value (net0).Source
The IP address allowed to reach your server. For example, you can enter your home IP to restrict access.Destination
The traffic destination IP. Leave this empty if your VPS has one public IP.Protocol
The traffic type, such as TCP.Source port
Set this only if traffic should originate from a specific port.Destination port
The port you want to allow or block.Macro
A predefined template for common services like SSH. Selecting a macro locks protocol and port fields to the correct values.Comment
Add a label so you can identify the rule easily later.
Now that you understand the purpose of each field, the first rule must be configured to block all incoming connections to your VPS. Configure the rule as follows:
Type: In
Action: Reject
Leave all other fields empty. With this configuration, the VPS will reject all incoming traffic on all ports.
After verifying that the rule is configured correctly, enable it by toggling the Enable switch before saving.
If you forgot to toggle the Enable switch before saving, don’t worry — you can enable the rule later from the firewall rules panel.
Save, disable, or edit rules
Once you confirm the rule, it becomes active right away.
If you want to turn it off without deleting it, toggle the rule’s switch to disable it.
To change a rule, open its edit menu using the icon on the right side of the rule entry.
If you want to test the firewall, you should keep in mind that it may take a short time for the rules to propagate. For example, if you have ping enabled on the server and you create a rule to drop ping requests, we recommend stopping the ping and trying again about one minute after creating the drop rule.
Visit our Firewall rule order documentation for an in-depth understanding.