Firewall guide
Introduction
One of Klikk's advantages is that each VPS, regardless of what is running on it, has its own firewall for increased security.
Prerequisites for this firewall guide
- You are logged into myKlikk Dashboard
- You have deployed and have access to a running VPS
Open Firewall settings
- Locate the VPS you want to configure the firewall on
- Click the Details gear-icon to open server details
- In the settings menu, click Firewall
Configuring the firewall
Before you start, it is good to know the following about the myKlikk Firewall:
- When no inbound or outbound rules exist, the default setting is to allow all traffic.
- When an inbound rule has been created, the default setting changes to deny all traffic, meaning the only allowed traffic is what the rules define.
- When an outbound rule has been created, the default setting changes to deny all traffic, meaning the only allowed traffic is what the rules define.
This is important to consider when managing the VPS and its firewall rules. For example, if you set up a VPS as a web server and FTP server and test it before any firewall rules are configured, it will work. But if you then create a rule that only allows web traffic, the FTP server will not work until you create a separate rule for it as well.
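The behaviour described above, as an added example (not Klikk's code): a small Python model of the inbound default that reports which services a rule set would cut off, using the port syntax from the field reference in this guide (`1:10,15,30`). The rule dictionaries, web ports 80 and 443, and the client address are constructed, and the matching logic is an assumption about how the rules combine.

```python
import ipaddress

def parse_ports(spec):
    """Parse the guide's port syntax, e.g. '1:10,15,30'. Blank means any port (None)."""
    spec = spec.strip()
    if not spec:
        return None
    ranges = []
    for part in spec.split(","):
        lo, _, hi = part.strip().partition(":")
        lo, hi = int(lo), int(hi or lo)
        if not (0 < lo <= hi <= 65535):
            raise ValueError(f"bad port range: {part!r}")
        ranges.append((lo, hi))
    return ranges

def rule_matches(rule, proto, src_ip, dst_port):
    """Assumed semantics: protocol, source IP and destination port must all match."""
    if rule["protocol"] not in ("any", proto):
        return False
    if rule["source"]:  # blank source field = any IP
        net = ipaddress.ip_network(rule["source"], strict=False)
        if ipaddress.ip_address(src_ip) not in net:
            return False
    ports = parse_ports(rule["dst_ports"])
    return ports is None or any(lo <= dst_port <= hi for lo, hi in ports)

def inbound_allowed(rules, proto, src_ip, dst_port):
    """No inbound rules: allow all. One or more rules: deny unless a rule matches."""
    if not rules:
        return True
    return any(rule_matches(r, proto, src_ip, dst_port) for r in rules)

def audit(rules, services, src_ip="203.0.113.7"):
    """Return the names of services the rule set would cut off for src_ip."""
    return [name for name, (proto, port) in services.items()
            if not inbound_allowed(rules, proto, src_ip, port)]

# Constructed sample: a VPS running a web server and an FTP server.
SERVICES = {"http": ("tcp", 80), "https": ("tcp", 443), "ftp": ("tcp", 21)}
WEB_ONLY = [{"protocol": "tcp", "source": "", "dst_ports": "80,443"}]
WEB_AND_FTP = WEB_ONLY + [{"protocol": "tcp", "source": "", "dst_ports": "20:21"}]

if __name__ == "__main__":
    for label, rules in [("no rules", []), ("web only", WEB_ONLY),
                         ("web + ftp", WEB_AND_FTP)]:
        print(f"{label}: blocked services = {audit(rules, SERVICES)}")
```

Running an audit like this against the list of services you expect to reach, before saving the first rule, shows what the switch to default deny will block.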
Creating your first firewall rule
For better security on your VPS, do not open more than you need. With this in mind, start by mapping out the following:
- Is the traffic inbound or outbound?
- Identify the source IP – is it traffic from the internet or only from a specific IP address, VPS, etc.?
- Identify the needed protocol – is it tcp or udp?
- Identify the needed source ports – is it one port, a range of ports or a combination?
- Identify the needed destination ports – is it one port, a range of ports or a combination?
When you have these answers, you are ready to configure your first firewall rule.
Description | Define the name of the rule in the description field, in the applicable direction (inbound or outbound). The example uses an inbound rule, meaning traffic from external sources to the VPS. |
Protocol | Select the needed protocol. |
Source IP’s | Define the source IPs if needed, or leave blank to allow traffic from any IP. |
Source ports | Define the source ports if needed, or leave blank to allow all source ports. IPv6 example: fe80::12 or fe80::/64 or fe80::12:0/112,fe80::ff:100, www.example.com. For security reasons, DNS hostnames will be converted to IP addresses. |
Destination ports | Define the destination ports, or leave blank to allow traffic to all ports. Port example: 1:10,15,30 (ports from 1 to 10, port 15 and 30). |
Allow | To activate the rule, click Allow. |
The example below will allow Microsoft Remote Desktop Protocol to the server:
- Type a name of your choosing. Example: Microsoft Remote Desktop Protocol (RDP)
- Choose the protocol: tcp
- Type in the needed destination port: 3389
- Click: Allow
Please note the following: after creating one rule, the default setting changes to deny traffic, meaning the only allowed traffic is what the firewall rules defined on the VPS permit.
- When you have defined some rules, it could look like this:
Delete a firewall rule
- If a rule is no longer needed for any reason, just click the trashcan on the rule.
Examples of commonly used rules
Inbound rules
Description | Protocol | Source IP’s | Source ports | Destination ports |
My other Klikk VPS | any | xxx.xxx.xxx.xxx, e.g. 10.149.0.1 | any | any |
Microsoft Remote Desktop Protocol (RDP) | tcp | any | any | 3389 |
FTP Server | tcp | any | any | 20:21 |
Secure FTP Server | tcp | any | any | 989, 990 |
Mail POP3/IMAP/IMAP v3 | tcp | any | any | 110, 143, 220 |
Secure Mail POP3S/IMAPS | tcp | any | any | 995, 993 |
Outbound rules
Description | Protocol | Source IP’s | Source ports | Destination ports |
SMTP | tcp | any | any | 25 |
Secure SMTP | tcp | any | any | 465 |
See this guide for a full list of Commonly used tcp and udp ports.