ServerPilot comes with a default firewall enabled when you connect to a droplet instance such as from Vultr or Digital Ocean, the only option you have from the ServerPilot control panel is to toggle if on or off.
The actual firewall used is called UFW (uncomplicated firewall) which is a simplistic wrapper over the underlying IP Tables, if you run ufw status when logged in as root you will see the ServerPilot default rules.
To Action From -- ------ ---- 22/tcp ALLOW Anywhere 80/tcp ALLOW Anywhere 443/tcp ALLOW Anywhere 68/udp ALLOW Anywhere 22/tcp (v6) ALLOW Anywhere (v6) 80/tcp (v6) ALLOW Anywhere (v6) 443/tcp (v6) ALLOW Anywhere (v6) 68/udp (v6) ALLOW Anywhere (v6)
To set your own firewall up, toggle the firewall to off back in the ServerPilot control panel, now if you run ufw status you will see it is inactive .
[email protected]:~# ufw status Status: inactive
So time to build your own, from the snippet below the first command allows an IP address access to all – a good strategy if you have a permanent IP address, the other rules replicate the ServerPilot ones and the final command ufw enable turns the firewall on.
ufw allow from 188.8.131.52 ufw allow 22/tcp ufw allow 80/tcp ufw allow 443/tcp ufw allow 68/udp ufw enable
The output below will be what the command line will spit back to you as you enter the rules from above.
[email protected]:~# ufw allow from 184.108.40.206 Rules updated [email protected]:~# ufw allow 22/tcp Rules updated Rules updated (v6) [email protected]:~# ufw allow 80/tcp Rules updated Rules updated (v6) [email protected]:~# ufw allow 443/tcp Rules updated Rules updated (v6) [email protected]:~# ufw allow 68/udp Rules updated Rules updated (v6) [email protected]:~# ufw enable Command may disrupt existing ssh connections. Proceed with operation (y|n)? y Firewall is active and enabled on system startup
Now you have this active you can further add new rules and allow or ban IP addresses.
Technically you could just add more rules to the existing ServerPilot firewall without turning it off and creating your own but they advise against doing this as you may lose your customisations – so better off to create your own.
Now that you have your own custom firewall just make sure the ServerPilot firewall is not toggled back on as doing so will override your customatisations.