[How To] Configure the vServer firewall over the Powerpanel


  • [How To] Configure the vServer firewall over the Powerpanel

    Hello all

    Here I will briefly describe how you can configure and activate the firewall in our Powerpanel. You can find it under vServer -> Firewall.

    When you go there for the first time, there will be no rules and everything will be deactivated:





    Now, if you want to use it, we need to create a new rule set (if you wish, you can also use one of the templates, which already set some of the rules):



    In this case I will create a rule set with no template and with the name "Example". To save it, click on the Save button:




    Now we can edit the rule set by clicking on the 3 bars icon (Edit rules):




    Here we can now click on "Add rule" and create each rule as needed. I will now create one example rule that only accepts access to port 22 (ssh) from a specific IP.




    After you have filled it out according to your needs, do not forget to set the Status to Active and to save it.
    Now we go back to the Firewall menu and click on the "Edit rule set" icon and edit the rule set to set it to active:



    Now save it, go back to the Firewall menu and Activate the Firewall itself:










    Now let's test it:


    From the right IP:


    # nmap 85.25.46.42 -p22 -PN

    Starting Nmap 6.40 ( http://nmap.org ) at 2018-01-04 16:29 CET
    Nmap scan report for euve111890.serverprofi24.de (85.25.46.42)
    Host is up (0.00038s latency).
    PORT STATE SERVICE
    22/tcp open ssh

    Nmap done: 1 IP address (1 host up) scanned in 1.14 seconds

    ----

    # ssh root@85.25.46.42
    root@85.25.46.42's password:
    Welcome to Ubuntu 14.04.5 LTS (GNU/Linux 3.13.0-042stab125.5 x86_64)

    * Documentation: https://help.ubuntu.com/
    Last login: Thu Jan 4 15:28:18 2018 from 85.25.204.76

    From any other IP:

    $ nmap 85.25.46.42 -p22 -PN

    Starting Nmap 7.01 ( https://nmap.org ) at 2018-01-04 16:31 CET
    Nmap scan report for euve111890.serverprofi24.de (85.25.46.42)
    Host is up.
    PORT STATE SERVICE
    22/tcp filtered ssh

    Nmap done: 1 IP address (1 host up) scanned in 2.17 seconds


    $ ssh root@85.25.46.42
    ssh: connect to host 85.25.46.42 port 22: Connection timed out


    As you can see, the connection is now only possible from the right location.
    Also, if we check directly on the server with iptables -L, you will see that it added the rules the same way you would do it over SSH:



    # iptables -L
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    VSFW-10080576-INPUT all -- anywhere anywhere

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    VSFW-10080576-OUTPUT all -- anywhere anywhere

    Chain VSFW-10080576-INPUT (1 references)
    target prot opt source destination
    ACCEPT tcp -- 85.25.204.76 anywhere tcp dpt:ssh
    DROP all -- anywhere anywhere


    Chain VSFW-10080576-OUTPUT (1 references)
    target prot opt source destination
    ACCEPT tcp -- anywhere 85.25.204.76 tcp spt:ssh
    DROP all -- anywhere anywhere




    If you have any questions let us know.

    Best Regards
    Martin
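
A way to check the result shown in the `iptables -L` listing above, as an added example that is not part of the original post or the provider's tooling: the function below audits `iptables -S <chain>` output and confirms that port 22 is accepted only from the intended source and everything else is dropped. The `-S` rendering of the sample rules is constructed from the listing, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list which sources a chain lets reach a TCP port.
# Reads `iptables -S <chain>` output on stdin (one chain at a time).

# Constructed sample: the INPUT chain from the listing, in -S form.
sample_rules() {
cat <<'EOF'
-N VSFW-10080576-INPUT
-A VSFW-10080576-INPUT -s 85.25.204.76/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A VSFW-10080576-INPUT -j DROP
EOF
}

# audit_port PORT: print "ALLOW <source>" for every ACCEPT rule that can
# match tcp/PORT, then "DEFAULT <verdict>" for the first unconditional rule.
# Conservative: earlier conditional DROPs are not modelled, so it may
# over-report ALLOW lines but never hides one.
audit_port() {
  awk -v port="$1" '
    function covers(spec, p,   r, n) {      # "", "22" or range "20:25"
      if (spec == "") return 1
      n = split(spec, r, ":")
      return (n == 2) ? (p + 0 >= r[1] + 0 && p + 0 <= r[2] + 0) : (spec + 0 == p + 0)
    }
    $1 != "-A" || stop { next }             # rules after a catch-all are dead
    {
      src = "0.0.0.0/0"; dport = ""; proto = ""; target = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-s") src = ($(i - 1) == "!" ? "! " : "") $(i + 1)
        else if ($i == "--dport") dport = $(i + 1)
        else if ($i == "-p") proto = $(i + 1)
        else if ($i == "-j") target = $(i + 1)
      }
      if (target == "ACCEPT" && (proto == "" || proto == "tcp") && covers(dport, port))
        print "ALLOW " src
      if (NF == 4 && target ~ /^(ACCEPT|DROP|REJECT)$/) { final = target; stop = 1 }
    }
    END { print "DEFAULT " (final == "" ? "FALLTHROUGH" : final) }
  '
}

# ssh_restricted_to IP: succeed only if tcp/22 is accepted from IP/32 alone
# and the chain then drops everything else.
ssh_restricted_to() {
  want="$(printf 'ALLOW %s/32\nDEFAULT DROP' "$1")"
  [ "$(audit_port 22)" = "$want" ]
}
```

On the server, the check would be run as root with `iptables -S VSFW-10080576-INPUT | ssh_restricted_to 85.25.204.76`, using the chain name and source address from the listing.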