This Knowledge base article will assist you with securing your VPS using our Firewall and Wireguard VPN Service.
This guide assumes that you have purchased both a VPS and Wireguard Service from us and that these are active on the "Products & Services" tab within our client zone.
You will need your dedicated Wireguard VPN IP, which is used in the following rules.
1. Select "Firewall Options" and ensure the firewall is enabled for the VPS.
2. Select "Firewall" from the menu.
3. Select "Add" to set up your first firewall rules.
4. Add the following example rule for RDP (Microsoft Remote Desktop). Note the settings:
Type
  Inbound : All traffic inbound to the VPS from the internet
  Outbound : All traffic outbound
Action
  ACCEPT : Allow
  DROP : Deny
Source : The IP that this rule applies to. In this example we are allowing the dedicated Wireguard VPN IP to access RDP only.
Destination : The VPS IP that this rule applies to.
Protocol : TCP, UDP, ICMP, GRE etc.
Destination Port : The port that this rule applies to, in this example TCP:3389
Select "Add" once completed.
5. By default, everything is open on our built-in Firewall unless you have created rules to restrict access. Keeping this in mind, you will now need to create a rule to block access to this RDP port for IPs other than the IP you have just allowed.
Proceed by adding another rule.
Note that in this example you must set the Action to DROP and the Source to 0.0.0.0/0, which covers all IP addresses.
6. You should now have two rules. Move the "ACCEPT" rule to the top of the Firewall.
If successful, RDP on the VPS should only be reachable once you have connected to the Wireguard VPN.
This will protect your VPS from external RDP attacks and port scans.
You can use an online port scanning tool such as this one from Pentest-tools.com to confirm that your VPS port has been secured.
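The rule order in step 6 matters if the firewall stops at the first rule that matches a packet. The following Python sketch is an added example, not code from our firewall; it assumes first-match, top-down evaluation, and the IP addresses and field names in it are constructed for illustration.

```python
import ipaddress

# Constructed sample addresses (documentation ranges), not values from this article.
VPN_IP = "203.0.113.10"   # stands in for your dedicated Wireguard VPN IP
VPS_IP = "198.51.100.20"  # stands in for your VPS IP
OUTSIDER = "192.0.2.77"   # stands in for any other host on the internet

# The two rules from steps 4 and 5 (field names are this sketch's own).
ACCEPT_VPN = {"action": "ACCEPT", "source": VPN_IP + "/32",
              "dest": VPS_IP + "/32", "proto": "tcp", "dport": 3389}
DROP_ALL = {"action": "DROP", "source": "0.0.0.0/0",
            "dest": VPS_IP + "/32", "proto": "tcp", "dport": 3389}


def matches(rule, src, dst, proto, dport):
    """True when the packet falls inside every field of the rule."""
    return (ipaddress.ip_address(src) in ipaddress.ip_network(rule["source"])
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule["dest"])
            and rule["proto"] == proto
            and rule["dport"] == dport)


def evaluate(rules, src, dst, proto, dport):
    """Action of the first matching rule (assumed first-match, top-down).
    With no match the packet is accepted: everything is open by default."""
    for rule in rules:
        if matches(rule, src, dst, proto, dport):
            return rule["action"]
    return "ACCEPT"


def rdp_exposure(rules):
    """Who can reach TCP 3389 on the VPS under this rule order."""
    return {"vpn": evaluate(rules, VPN_IP, VPS_IP, "tcp", 3389),
            "outsider": evaluate(rules, OUTSIDER, VPS_IP, "tcp", 3389)}


if __name__ == "__main__":
    print("ACCEPT on top :", rdp_exposure([ACCEPT_VPN, DROP_ALL]))
    print("DROP on top   :", rdp_exposure([DROP_ALL, ACCEPT_VPN]))
    print("ACCEPT only   :", rdp_exposure([ACCEPT_VPN]))
    print("Outsider, port 22:",
          evaluate([ACCEPT_VPN, DROP_ALL], OUTSIDER, VPS_IP, "tcp", 22))
```

With DROP on top the VPN IP is locked out as well, and with only the ACCEPT rule the port stays open to everyone. The last line shows that these two rules cover TCP 3389 only; any other port stays open until it gets its own rules.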