In this tutorial I will explain the basics of setting up the Hosmatic Firewall, if you already have experience with software based firewall solutions, the setup should be no problem for you.
What is a firewall?
A firewall is a type of door that you can open and close for specific IPs & ports. This is important to increase the security of your server and prevent attacks.
What is Hosmatic Firewall?
Unlike ufw or IPTables, Hosmatic Firewall allows you to easily define hardware based firewall rules. This works via the Hosmatic web dashboard and is available for all root servers.
Functional structure in the dashboard
The firewall is divided into three different sections:
Firewall rules: Set rules for defined IPs/ports. Aliases: Define aliases (names) for IPs that can be used in firewall rules. IP sets: Define lists of IPs that can be used in the firewall rules.
By default, all ports are open for incoming and outgoing connections. You can then use the firewall to set appropriate rules. In the following part I will explain how to block all incoming connections and then unblock SSH access, this step can be repeated to open different services.
Creating an IP set
- Note down your IPv4 and IPv6 addresses from the "Product Information" tab.
- Go to "More" ? "Firewall" ? "IP-Set" and click the "+".
- Give the entry a name (e.g. "serverip") and save it.
- Click the edit icon and add both IPv4 and IPv6.
*Info: If you have an IPv6-only server, an IP-Set is not necessary, you can then specify the IPv6 directly under "Source-Address".
Block all incoming ports
- Go back to the "firewall rules" tab and click the "+".
- Select "in" for direction and "DROP" for action.
- Enter the name of your IP-Set (where your server IPs are defined) (e.g. "serverip") as the "Source-Address". You must either select the IP-Set from the drop-down list or prefix it with "+guest/".
- Create a new firewall rule.
- Select "in" for direction and "ACCEPT" for action.
- Enter the name of your IP-Set (e.g. "serverip") as the source address. You must either select the IP-Set from the drop-down list or prefix it with "+guest/".
- Select the service you want to share under Macro.
- If your service is not listed under Macro or you have changed the port, please specify it under "source port".
Move the rules
Move the entry with the "ACCEPT" action OVER the "DROP" action. This is important for your Allow rule to work and should also be followed when adding future rules.
Repeat the "Allow ports" step for all connections that should be allowed from the outside.
That's it! You have created your first firewall rules.
If you have any further questions & problems, please do not hesitate to contact us.