OpenVPS Firewall

The OpenVPS panel includes a simple web-based interface providing essential firewall configuration functions.

The firewall works by generating iptables rules on the host which allow for selective filtering of traffic based on destination TCP/UDP ports optionally in combination with source IP address, as well as complete traffic blocking based on source IP.

The firewall operates in two modes - Allow All and Deny All. In Allow All mode (default) all traffic is allowed, except for the specified ports. In Deny All mode all traffic is denied, except for the specified ports.

Each filter rule also allows you to specify a list of IP addresses (or networks using the CIDR "slash" notation). Regardless of whether the mode is Allow or Deny, these IP's will be allowed and all other traffic denied.

Even though the firewall defaults to Allow All with no ports specified (which essentially permits all traffic) to avoid initial confusion, we do recommend you switch to Deny All and explicitly specify the ports you would like to have open. Regardless of mode, ICMP (ping) traffic is always allowed.

A separate tab in the OpenVPS panel provides for listing of IP's or networks whose traffic is to be completely dropped. This is useful for banning IP addresses or networks that are known to be infected with worms, viruses or otherwise malicious.