How to Set Up a Firewall to Protect Your Dedicated Server
Securing your dedicated server with a firewall is an essential step in defending it from unauthorised access and malicious attacks. A firewall acts as a gatekeeper, controlling the flow of traffic to and from your server based on predefined security rules. This guide provides step-by-step instructions to help you set up a firewall on your dedicated server.
Step 1: Log in to your server
To configure a firewall, you need root or administrative access to your server. Connect to your server via SSH.
- Open your terminal or an SSH client.
- Use the following command to log in:
ssh root@your-server-ip
Step 2: Check for a firewall application
Most servers have a firewall application installed by default. Common options include iptables, firewalld, or ufw (Uncomplicated Firewall). Check which firewall is installed:
- For iptables:
iptables --version
- For firewalld:
firewall-cmd --version
- For ufw:
ufw status
If no firewall is installed, you can install one. For example, to install ufw or firewalld, use:
apt install ufw # On Debian/Ubuntu
yum install firewalld # On CentOS/RHEL
Step 3: Enable your firewall
Before adding rules, ensure the firewall is active.
- To start ufw:
ufw enable
- To start firewalld:
systemctl start firewalld
systemctl enable firewalld
Step 4: Configure basic firewall rules
Define the traffic you want to allow or block. The following are some basic rules to secure your server:
- Allow SSH access:
ufw allow ssh
# OR
firewall-cmd --permanent --add-service=ssh
firewall-cmd --reload
- Allow HTTP and HTTPS traffic (for web servers):
ufw allow http
ufw allow https
# OR
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
- Deny all other incoming traffic:
ufw default deny incoming
ufw default allow outgoing
# OR (firewalld: services added earlier without --zone belong to the previous
# default zone, so allow them in the drop zone as well, using --zone=drop)
firewall-cmd --set-default-zone=drop
Step 5: Add custom rules (if needed)
You may need custom rules for specific applications or ports. For example:
- To allow traffic on port 3306 (MySQL):
ufw allow 3306
# OR
firewall-cmd --permanent --add-port=3306/tcp
firewall-cmd --reload
- To block an IP address:
ufw deny from 192.168.1.1
# OR
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='192.168.1.1' reject"
firewall-cmd --reload
Step 6: Test your firewall rules
It’s crucial to test your firewall configuration to ensure it works as expected.
- Check the status of your rules:
ufw status
# OR
firewall-cmd --list-all
- Attempt to connect to your server from another device to verify that only allowed traffic is permitted.
Step 7: Enable firewall persistence
To ensure your firewall rules persist after a reboot, make sure the firewall service is enabled:
- For ufw:
systemctl enable ufw
- For firewalld:
systemctl enable firewalld
Step 8: Monitor and update your firewall rules
Regularly review your firewall settings to accommodate new applications or services while maintaining security.
- Remove unnecessary rules:
ufw delete allow 3306
# OR
firewall-cmd --permanent --remove-port=3306/tcp
firewall-cmd --reload
- Add new rules as needed for specific use cases.
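A check to go with Steps 6 and 8, as an added example that is not part of the original guide: it reads the output of `ufw status verbose` and reports an inactive firewall, a default incoming policy other than deny, and any port open to every source that is not on an expected list. The function names, the expected-port list and the sample output are assumptions constructed for illustration.

```shell
# Added example: audit `ufw status verbose` output (read from stdin).
# EXPECTED_PORTS is an assumption for a web server: SSH, HTTP, HTTPS.
EXPECTED_PORTS="22 80 443"

# Prints one finding per line; returns 0 if clean, 1 if anything was found.
# Only numeric port rules are checked, not application-profile names.
audit_ufw() {
    awk -v expected="$EXPECTED_PORTS" '
        BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
        { gsub(/ \(v6\)/, "") }   # fold IPv6 rows into the IPv4 column layout
        /^Status:/ { seen = 1; if ($2 != "active") { print "FAIL firewall is " $2; bad = 1 } }
        /^Default:/ && $2 != "deny" && $2 != "reject" {
            print "FAIL default incoming policy is " $2; bad = 1
        }
        # Rule rows look like: "3306   ALLOW IN   Anywhere"
        $2 == "ALLOW" && $3 == "IN" && $4 == "Anywhere" {
            port = $1; sub(/\/.*/, "", port)   # strip "/tcp" or "/udp"
            if (!(port in ok) && !warned[$1]++) {
                print "WARN port " $1 " is open to any source"; bad = 1
            }
        }
        END {
            if (!seen) { print "FAIL no Status line in input"; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample: what the rules from Steps 4 and 5 would look like.
sample_status() {
    cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
3306                       ALLOW IN    Anywhere
Anywhere                   DENY IN     192.168.1.1
22/tcp (v6)                ALLOW IN    Anywhere (v6)
3306 (v6)                  ALLOW IN    Anywhere (v6)
EOF
}

sample_status | audit_ufw || echo "review the findings above"
```

On the server, run `ufw status verbose | audit_ufw` as root. With the sample above it flags port 3306, which `ufw allow 3306` opens to every source address.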
By following these steps, you can effectively set up a firewall to protect your dedicated server from unauthorised access and threats. Implementing a robust firewall configuration is one of the most important steps in securing your server and ensuring reliable performance.