This guide covers how to configure firewall rules on your HOSTDOG Cloud VPS or dedicated server using common Linux firewall tools. You will learn how to allow essential services, block unwanted traffic, and maintain a secure server environment.

Prerequisites

  • An active HOSTDOG Cloud VPS or dedicated server
  • Root SSH access to your server
  • Basic familiarity with the Linux command line

Choosing a firewall tool

Linux servers typically use one of two firewall management tools:

Tool                          Common on                 Notes
UFW (Uncomplicated Firewall)  Ubuntu, Debian            Simplest syntax, recommended for most users
firewalld                     CentOS, AlmaLinux, RHEL   Zone-based, feature-rich

Both tools manage the underlying netfilter/iptables rules. Choose the one that comes with your distribution.

Configure with UFW (Ubuntu/Debian)

Step 1: Allow SSH access first

Before enabling the firewall, make sure SSH is allowed — otherwise you will lock yourself out:

ufw allow ssh

Warning: Always allow SSH before enabling the firewall. If you lock yourself out, you will need to use the rescue system to regain access.

Step 2: Allow web traffic and other services

# Allow HTTP and HTTPS
ufw allow 80/tcp
ufw allow 443/tcp

# Allow mail ports (if running a mail server)
ufw allow 25/tcp
ufw allow 587/tcp
ufw allow 993/tcp

Step 3: Enable the firewall

ufw enable

Verify the rules are active:

ufw status verbose

Configure with firewalld (CentOS/AlmaLinux)

Step 1: Check firewalld status

systemctl status firewalld

If firewalld is not running, start and enable it:

systemctl start firewalld
systemctl enable firewalld

Step 2: Add service rules

# Allow SSH, HTTP, and HTTPS
firewall-cmd --permanent --add-service=ssh
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https

# Reload to apply
firewall-cmd --reload

Step 3: Verify the configuration

firewall-cmd --list-all

Best practices

  • Default deny — Block everything by default and only allow the ports you need
  • Restrict SSH access — If possible, limit SSH to your specific IP address rather than allowing it from everywhere
  • Keep rules minimal — Each open port is a potential attack surface. Only expose what is necessary.
  • Review regularly — Audit your firewall rules periodically and remove services you no longer use
  • Combine with DDoS protection — See Understanding DDoS protection for network-level defence
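
The "Restrict SSH access" and "Review regularly" items above can be turned into a repeatable check. This is an added example, not part of the original guide or of any HOSTDOG tooling: it reads `ufw status verbose` output and reports ports open to every source that are not on your intended list, an inactive firewall, or a default incoming policy that is not deny. The function names, finding labels and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `ufw status verbose` output. On a server, run:
#   ufw status verbose | audit_ufw "80/tcp 443/tcp"   ($1 = ports meant to be public)
audit_ufw() {
    awk -v expected="$1" '
    BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
    /^Status: active/ { active = 1 }
    # e.g. "Default: deny (incoming), allow (outgoing), disabled (routed)"
    /^Default:/ && $3 == "(incoming)," && ($2 == "deny" || $2 == "reject") { deny = 1 }
    # Rule rows open to every source: "<port/proto> [(v6)] ALLOW IN Anywhere"
    /ALLOW( IN)?[ ]+Anywhere/ {
        if (!($1 in ok) && !($1 in seen)) { seen[$1] = 1; print "WORLD-OPEN " $1; bad++ }
    }
    END {
        if (!active) { print "FIREWALL-INACTIVE"; bad++ }
        if (!deny)   { print "DEFAULT-NOT-DENY"; bad++ }
        exit (bad > 0)   # non-zero exit status when anything needs review
    }'
}

# Constructed sample (trimmed): SSH reachable from everywhere after `ufw allow ssh`.
sample_ssh_open() {
cat <<'EOF'
Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
EOF
}

# Constructed sample: SSH limited to one address from a documentation range.
sample_ssh_restricted() {
cat <<'EOF'
Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    203.0.113.10
80/tcp                     ALLOW IN    Anywhere
EOF
}

sample_ssh_open | audit_ufw "80/tcp 443/tcp" || echo "review the findings above"
```

Run from cron or a configuration-management job, the non-zero exit status lets you alert when a rule set drifts from the ports you meant to expose.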

Tip: If your managed services tier includes security patching (all tiers), HOSTDOG also monitors for firewall-related issues as part of 24/7 monitoring.

Need Help? If you need assistance configuring your firewall, our support team is available 24/7. Navigate to the HOSTDOG homepage and click the Log in button to open a support ticket and we'll assist you promptly.