
Configuring Server Firewall Rules

Configuring firewall rules and rulesets is a paid feature. For servers on the free plan, learn about our free plan firewall rules.

Rules and Rulesets

A ruleset is a named group of individual firewall rules. Rulesets allow you to organize your firewall rules in ways that make sense for your infrastructure. Each server can have multiple rulesets. The firewall HeatShield configures on a server includes the combination of rules from all of the rulesets that have been applied to the server.

The default firewall policy used by HeatShield is always to deny traffic, so in most cases, you'll only ever add rules to allow traffic to particular ports or from specific IP addresses.

Default Ruleset

Once you enable advanced features on your account by adding your credit card, you will see two default rulesets created for you: "HTTP/HTTPS" and "SSH". These rulesets allow traffic to only your server's HTTP, HTTPS, and SSH ports from any IP address.

You can edit these rulesets by clicking Rulesets at the top of HeatShield and then selecting the ruleset you want to edit.

From there you can, for example, change a ruleset to allow traffic only from specific IP addresses rather than from all IP addresses.

Creating Additional Rulesets

You aren't limited to only the default rulesets HeatShield created for you. You can also create your own rulesets.

For example, you might have a database server and multiple web servers. You want the following:

  • Your web servers have HTTP/HTTPS open to all addresses.
  • Your database server has MySQL open only to your web servers' private network IP addresses and your office's IP address.
  • All servers have SSH open only to your office's IP address.

In this situation, you could use three rulesets.

You would then assign rulesets to your servers as follows:

Server            Rulesets
webserver-1       HTTP/HTTPS, SSH
webserver-2       HTTP/HTTPS, SSH
database-server   Database, SSH
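
The ruleset model described on this page, worked through for the three-server example as an added illustration (not HeatShield's own code or API): each server's firewall is the union of its assigned rulesets over a default-deny policy. The IP addresses are constructed sample values, port 3306 is assumed as the MySQL default, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample addresses (documentation/private ranges), not from the page.
OFFICE = "203.0.113.10/32"
WEB_PRIVATE = ["10.0.0.11/32", "10.0.0.12/32"]
ANY = "0.0.0.0/0"

# Each rule is (protocol, port, allowed source network).
# 3306 is assumed here as the default MySQL port.
RULESETS = {
    "HTTP/HTTPS": [("tcp", 80, ANY), ("tcp", 443, ANY)],
    "SSH": [("tcp", 22, OFFICE)],
    "Database": [("tcp", 3306, src) for src in WEB_PRIVATE + [OFFICE]],
}

# Ruleset assignment taken from the table above.
SERVERS = {
    "webserver-1": ["HTTP/HTTPS", "SSH"],
    "webserver-2": ["HTTP/HTTPS", "SSH"],
    "database-server": ["Database", "SSH"],
}

def effective_rules(server):
    """Combine the rules from every ruleset applied to the server."""
    rules = set()
    for name in SERVERS[server]:
        rules.update(RULESETS[name])
    return rules

def is_allowed(server, proto, port, src_ip):
    """Default policy is deny: traffic passes only if an allow rule matches."""
    src = ipaddress.ip_address(src_ip)
    return any(
        proto == r_proto and port == r_port
        and src in ipaddress.ip_network(r_src)
        for r_proto, r_port, r_src in effective_rules(server)
    )

def exposed_to_any(server):
    """Ports reachable from every address, useful when reviewing exposure."""
    return sorted(p for _, p, src in effective_rules(server) if src == ANY)

if __name__ == "__main__":
    for name in SERVERS:
        print(name, "open to all addresses:", exposed_to_any(name))
```
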
