Resources

Firewall guide

Introduction

One of Klikk advantages is that each VPS, regardless of what is running on the VPS, has it’s own firewall for increased security.

Prerequisite for this firewall guide

  • You are logged into myKlikk Dashboard
  • You have deployed and have access to a running VPS

Open Firewall settings

  • Locate the VPS you want to configure firewall on
  • Click the Details gear-icon to open server details
Server list
  • In the settings menu, click the Firewall  
Firewall dashboard

Configuring the firewall

Before you start, it is good to know following about the myKlikk Firewall

  1. When no inbound or outbound rules exist the default settings is to allow all traffic.
  2. When an inbound rule have been created, the default setting is changed to deny all traffic. Meaning the only allowed traffic is the rules defined.
  3. When an outbound rule have been created, the default setting is changed to deny all traffic. Meaning the only allowed traffic is the rules defined.

This is important to know and consider when managing the VPS and the firewall rules. If you for example setup a VPS as a web-server and ftp-server and test this before any firewall rules are configured, it will work. But if you for example only create a rule to only allow web traffic, the ftp-server will not work until you create a separate rule for this as well.

Creating your first firewall rule

For better security on your VPS do not open more than you need, with this in consideration start with mapping following:

  • Is the traffic inbound or outbound?
  • Identify the source IP – is it traffic from internet or only from a specific ip-adress/vps etc?
  • Identify the needed protocol – is it tcp or udp?
  • Identify the needed source ports needed – is it one port, a range of ports or a combination?
  • Identify the needed destinations ports needed – is t one port , a range of ports or a combination?

When you have these answer, you are ready to configure your first firewall rule.

DescriptionDefine the name of the rule in the description of field, in applicable direction (inbound or outbound). The example will use inbound rule. Meaning traffic from external to VPS.
ProtocolSelect the needed protocol.
Source IP’sDefine the source IP’s if needed, or leave blank to allow traffic from any IP’s
Source portsDefine the source ports if needed, or leave blank to allow all source portsIPv6 example: fe80::12 or fe80::/64 or fe80::12:0/112,fe80::ff:100, www.example.com
For security reasons, DNS hostnames will be converted to IP-addresses
Destination portsDefine the destination ports, or leave blank to allow traffic to all portsPort example: 1:10,15,30 (ports from 1 to 10, port 15 and 30)
AllowTo activate the rule, click allow.

The example below will allow Microsoft Remote Desktop Protocol to the server:

  • Type the name by your choosing. Example: Microsoft Remote Desktop Protocol (RDP)
  • Choose the protocol: tcp
  • Type in the needed destination port: 3389
  • Click: Allow

Please note following: After creating one rule, the default setting will now be changed to deny traffic, meaning the only allowed traffic is the actual firewall rules defined on the VPS.

  • When you have defined some rules, it could look like this:
Firewall rules

Delete a firewall rule

  • If a rule, for any reason, are not longer needed, just click the trashcan on the rule.

Examples on commonly used rules

Inbound rules

 DescriptionProtocolSource IP’sSource portsDestination ports
 My other klikk VPSanyxxx.xxx.xxx.xxx
ie: 10.149.0.1
any any
 Microsoft Remote Desktop Protocol (RDP)tcpanyany3389
 FTP Servertcpanyany20:21
 Secure FTP Servertcpanyany989, 990
 Mail POP3/IMAP/IMAP v3tcpanyany110, 143, 220
 Secure Mail POP3S/IMAPStcpanyany995, 993

Outbound rules

 DescriptionProtocolSource IP’sSource portsDestination ports
 SMTPtcpanyany 25
 Secure SMTPtcpanyany 465

See this guide for a full list of Commonly used tcp and udp ports.