Creating Firewall Rules in the Client Area

Lightspeed Hosting provides a built-in firewall to help secure your server by controlling inbound and outbound network traffic. You can configure firewall rules directly from the Client Area to allow only necessary connections while blocking unauthorized access.

Default Firewall Behavior

When the firewall is enabled, it follows these default rules:
✅ Inbound Traffic (Incoming Connections) → Blocked by default (implicit deny) unless explicitly allowed.
✅ Outbound Traffic (Outgoing Connections) → Allowed by default (implicit permit).

This means that unless you create rules to allow specific inbound connections (e.g., SSH, web traffic), they will be blocked automatically.

Step 1: Access the Firewall Settings

1. Log in to your Client Area.
2. Navigate to Additional Tools > Firewall.
3. Under the Firewall tab, click Create Firewall Rule.

Step 2: Configure a Firewall Rule

When creating a rule, you will need to configure several options:

General Settings

• Enable: Set this to On to activate the rule.
• Type:
  • In → Controls incoming (inbound) traffic to your server.
  • Out → Controls outgoing (outbound) traffic from your server.

Rule Actions

• Accept → Allows the specified traffic.
• Drop → Silently discards traffic without notifying the sender.
• Reject → Blocks traffic and sends a response to the sender.

Interface Selection

• net0 → The public interface (internet-facing traffic).
• net1 → The private interface (internal network traffic, if applicable).

Macro (Optional)

The Macro option provides predefined settings for common applications and services, making it easier to allow traffic for things like SSH, HTTP, HTTPS, or DNS without manually specifying ports and protocols.

IP Address Filtering

• Source: The originating IP address of incoming traffic.
  • Example: Your office’s public IP to restrict SSH access.
• Destination: The target IP address (usually your server's IP).
  • Leave blank unless filtering specific internal destinations.

Protocol & Ports

• Protocol: Defines the network protocol for the rule.
  • Common options: TCP, UDP, ICMP.
• Source Port: Usually left blank unless specifying a source port.
• Destination Port: The port on your server that the rule applies to.
  • Example: 22 for SSH, 80 for HTTP, 443 for HTTPS.

Comment (Optional)

• Add a description for reference (e.g., “Allow SSH from Office”).

Step 3: Save and Apply the Rule

1. After configuring the rule, click Save.
2. Go to Firewall Options and enable the firewall if it is not already active.

Example Firewall Rules

1. Allow SSH from a Specific IP (Secure Remote Access)

• Enable: On
• Type: In
• Action: Accept
• Interface: net0 (public)
• Source: <your-office-ip>
• Destination Port: 22 (SSH)
• Protocol: TCP
• Comment: "Allow SSH from Office"

2. Allow HTTP and HTTPS Traffic (Web Server Access)

• Enable: On
• Type: In
• Action: Accept
• Interface: net0 (public)
• Destination Port: 80 (HTTP)
• Protocol: TCP
• Comment: "Allow Web Traffic"

3. Block All Other Incoming Traffic by Default (Recommended for Security)

(This rule is already enforced by the implicit deny, but can be added for clarity)

• Enable: On
• Type: In
• Action: Drop
• Interface: net0 (public)
• Comment: "Block all other inbound traffic"

Final Recommendations

✅ Test connectivity after applying rules to ensure required services remain accessible.
✅ Use IP whitelisting for critical services like SSH to prevent unauthorised access.
✅ Remember that outbound traffic is permitted by default, so you only need rules if you want to restrict outgoing connections.