VPS Dedicated WP Professional Plus
Firewalls evaluate your server's network traffic and decide whether it should be allowed or not. It helps protect your network from external threats (such as malware or viruses) and since it is the first network defense that traffic encounters, it's important to set up your firewall correctly.
Luckily, all Pair Network servers have firewalls included, so you don't have to worry. They use a standard configuration and ensures that prevents most unauthorized connections to your hosting server.
For those with a unique hosting scenario that requires more firewall control, our VPS, Dedicated, and WP Professional Plus accounts allow the user to make their own firewall configurations. However, it is important to note that while some of the basic firewall configuration can be customized, not all can be changed.
In order to maintain the server's operation and performance, firewalls may be added or removed by automated systems. For example, if a server is being spammed heavily by bots or remote attackers, a firewall rule may temporarily be put into place to protect the server.
Understanding How Firewalls Work
Firewalls evaluate your server's network traffic against a set of rules that define whether the network activity should be allowed or disallowed.
Information on the Internet is called a "packet." Firewalls will check these packets and make sure that they match the firewall rules. Rules are made up of two parts:
- The first part of a rule defines what packets the rule applies to.
- The second part indicates the action that should be taken if the packet fits the requirements.
Normally this second part is an "allow" or "deny" action. So, for example, if you have a packet that fits the requirements for a rule with a deny action, the packet will not be allowed entry to the server. On the other hand, if a packet fits the requirements for a rule with an allow action, the packet will be given access to the server.
Essentially, firewalls are like guards at a gate with specific instructions on what can be let through and what can't be. They have a range of things (rules) they will check and if any traffic does not pass all the requirements, it is barred from entering the inner network.
The entry points that the firewall guards are called ports. They are the only way for traffic to get in and out of the server. Not all ports lead to the same place, so it's important to consider that when setting a firewall rule.
Why Would I Want to Add Firewall Rules
Pair Networks sets up hosting accounts with a basic firewall configuration designed to protect your server. So why would you want to add your own rules?
Most of the time, it's not necessary. Our default rules deny access to protected services provided by the server, while still allowing access to public services such as the web server and incoming email server.
However, there are some situations where a custom firewall rule may be beneficial to add a custom firewall rule. Here are some examples:
Your dedicated server runs a custom private service on an open port, such as a standalone web application, and you want to block remote access to that service. |
Your dedicated database server allows remote access to the database and you want only specific remote hosts to be able to access it. |
Your website is either under maintenance or has been hacked and you want to block everyone from accessing it. |
Please note that this is not an exhaustive list of reasons and there may be more scenarios where a custom firewall rule is useful.
It is important to remember that there are other firewall rules in place, which are required to ensure the operation of vital Pair Networks infrastructure. These rules will prevent some customer rules from working completely.
For example, "deny all from any to any" will not actually deny all packets; it will only deny packets that weren't previously allowed by a previous Pair Networks firewall rule.
Adding Rules to Your pair Server Firewall
If you would like to have influence over your firewall, you can create custom firewall rules on VPS, Dedicated, and WP Professional Plus accounts. This gives you power over what is allowed access to your server and what your server has access to.
Note: This tutorial only works on VPS, Dedicated, or WP Professional Plus servers.
- Log in to your Account Control Center (ACC)
- In the left sidebar, click Dedicated
- In the drop-down, click Manage Firewall Rules
- Click the Add Rule button
- Fill out the following fields:
Action This setting determines whether matching packets will be blocked by the firewall (deny) or allowed to pass through (allow). Protocol The selected action only applies to packets whose protocol is either TCP (Transmission Control Protocol), UDP (User Datagram Protocol), or both. Source Host This rule only applies to incoming packets originating from a host that matches this setting. Choose All Hosts to match packets from any remote host, or specify a single host or a CIDR network in the Other box. Source Port The selected action only applies to packets which originate from the selected Source Port. If you select Other, you can specify any port number or service name. Destination Host This is typically used to ensure that a firewall rule applies to one of the domain names hosted on your site, but not all of them. If it should apply to all of your domain names, select Any Host.
Destination Port The selected action only applies to packets whose destination is set to the selected Destination Port. If you select Other, you can specify any port number or service name.
Description Enter a description that will allow you to recognize your firewall rule in your list of firewalls on the Manage Firewall Rules page. If you leave this text field empty, then no description will be included.
- Click the Add Rule button
This will add the rule to your Pair server's firewall.