There was a problem loading the comments.

How to Secure your VPS with Wireguard and Firewall

Support Portal  »  Knowledgebase  »  Viewing Article

  Print

Secure your VPS using our Firewall and Wireguard VPN Service.

This Knowledge base article will assist you with securing your VPS using our Firewall and Wireguard VPN Service.

This guide assumes that you have purchased both a VPS and Wireguard Service from us and these are active on your "Products & Services" Tab within our client zone.

You will be required to have your Wireguard VPN dedicated IP to be used in the following rules .

 

Login to your client zone and open the VPS service that you wish to edit.

1. Select " Firewall Options " and ensure the firewall is enabled for the VPS

6d4594cb658663ce6a9a48253ce99b5cc36a1274f83f9bd172cec7a4e85f49646a04744e875138eb?t=8f7afc1cf9974ca48ec69b8169c9868a

2. Select " Firewall " from the menu.

8db7ea9cc1f35082440e247cfa1e5bb6d3f344a51e42dfecff33c379dcf311291b9c702cd5f76f7a?t=783b6ff46c3c9635211861c838df9bf1

3. Select " Add " to setup your first firewall rules.

be5cb011fd8be02e4b00f96593c68e25e8cb610b142adde1593cf21d89791225fc2c326542cdadbd?t=bd6633eb8f00e8ad4c21640b22ba7835

4. Add the following example for RDP Microsoft Remote Desktop, note the settings:

Type
Inbound : All Traffic inbound to the VPS from the internet
Outbound : All Traffic outbound

Action
ACCEPT :  Allow
DROP :  Deny

Source : The IP that this rule applies to, in this example we are allowing the dedicated Wireguard VPN IP to access the RDP only.
Destination : The VPS IP that this rules applies to.
Protocol : TCP, UDP, ICMP, GRE etc
Destination Port : The port that this rule applies to, in this example TCP:3389

Select "Add" once completed.


d2cb66182f60f4c356df40ce3b47586543711b2323aa706a9aad9ecc6e50bb250123b4daaddda007?t=b23445a5662e6917e84e7d1095e1be98

5. By default on our built-in Firewall everything is open unless you have created rules to restrict access, keeping this in mind you will now need to create a rule to block access to this RDP port for IPs other than the IP you have just allowed access to.

Proceed by adding another rule.

Note that in this example you must update the Action = DROP and update the Source to 0.0.0.0/0 which would include "all IP addresses"

b8ad1d30b4f5ad449a55cbfaec1433356b5cfa23e868da960c5c68cb9c5972e18d0c904bfb17b44e?t=fad6486c6357bbf07abe0a8095f30ab3


6. You should now have two rules, toggle the "ACCEPT" rule to the top of the Firewall.

If successful the VPS should only be reachable once you have connected to the Wireguard VPN.

This will protect your VPS from external RDP attacks and port scans.

703a509645c3e2fb94f3a4d9bf47b03c62c67cb5d131efd39db352ef4fd8880d9ad6d896475060e6?t=8a93a8e1e018c274c76b31cb298c5a6d

 

You can use a online port scanning tool such as this one from Pentest-tools.com to confirm that your VPS port has been secured.


Share via
Did you find this article useful?  

Related Articles

Tags

© Rackzar