HeatShield for Servers

Features for Free Plan Servers

For servers on the free plan, HeatShield configures a firewall with the following traffic allowed to your server.

    To              Action   From
    --              ------   ----
    22/tcp SSH      ALLOW    Anywhere
    80/tcp HTTP     ALLOW    Anywhere
    443/tcp HTTPS   ALLOW    Anywhere

All other traffic to your server is blocked.

Features for Paid Plan Servers

For servers on the paid plan, HeatShield allows you to create and manage custom firewall rulesets. Learn more about managing rulesets.

Configuring Server Firewall Rules

Configuring firewall rules and rulesets is a paid feature. For servers on the free plan, learn about our free plan firewall rules.

Fail2ban Alternative

For users migrating from Fail2ban, HeatShield for Servers offers a way to have the increased security of automated brute force protection with additional benefits of modern firewall management, including: Complete firewall.

Firewall Management for Amazon Lightsail Servers

HeatShield offers two distinct advantages over Amazon Lightsail's very simple firewall options: the ability to restrict source addresses and SSH brute force protection.

Firewall Management for DigitalOcean Servers

HeatShield was designed to make firewall management for DigitalOcean servers easy and painless. DigitalOcean's simplicity made it possible for many more people to easily deploy and run their own cloud servers.

Firewall Management for Linode Servers

HeatShield is the simplest and safest way to manage a powerful firewall on your Linode servers. As one of the oldest cloud server providers, Linode has made it easy to deploy and run a cloud server.

Firewall Management for Rackspace Servers

HeatShield is the easiest and safest way to configure and manage firewalls on your Rackspace cloud servers. Rackspace was one of the first server providers to make cloud server deployment simple and accessible to all developers.

How to Install HeatShield for Servers

Once you connect your server to HeatShield, your server's firewall will be fully configured and managed by HeatShield. To connect your server, you will need SSH access to your server as root.

iptables Alternative

Instead of managing fragile iptables rules directly, HeatShield provides an iptables alternative that allows developers and server administrators to safely configure firewalls without risk and complexity.

Securing a Mail Server with a Firewall

If you host your own mail server, you can easily use HeatShield to configure your firewall for email. Specifically, you will want to open the following ports:

Securing cPanel with a Firewall

Because cPanel installs many different services on your server, you need to open a variety of ports depending on your goals and usage.

Securing DNS Servers with a Firewall

The Domain Name System, or DNS, speaks over TCP port 53 and UDP port 53. If you are hosting a DNS server, you will need to configure your firewall to allow traffic through these ports.

Securing Memcached with a Firewall

According to the Memcached documentation, "you must not expose memcached directly to the internet, or otherwise any untrusted users." Memcached was not designed to be secure without a firewall blocking access from all IP addresses except those that belong to your own application servers.

Securing MongoDB with a Firewall

According to the MongoDB documentation, you should ensure only trusted hosts have access to MongoDB to reduce the risk exposure of the entire MongoDB system.

Securing MySQL with a Firewall

As with any database, you should restrict access to your MySQL server so it can only be accessed from IP addresses that need to communicate with it.

Securing OpenVPN with a Firewall

With HeatShield, you can restrict the firewall for your OpenVPN Access Server so it can only be accessed from the IP addresses that need to communicate with it.

Securing Plesk with a Firewall

When used as a control panel, Plesk installs several services on your server. For those services to run correctly, you need to configure your firewall to open the ports needed for the services you wish to use.

Securing PostgreSQL with a Firewall

With HeatShield, you can restrict access to your PostgreSQL database server so it can only be accessed from the IP addresses that need to communicate with it.

Securing Redis with a Firewall

According to the Redis documentation, Redis is designed to only be accessed by trusted clients. That means it is not safe to leave Redis exposed without a firewall.

Securing SSH with a Firewall

When you connect a server, HeatShield automatically configures a firewall rule to allow access to the standard SSH port (22) from any IP address.

Securing Webmin with a Firewall

If you use Webmin on your server, you can create a ruleset in HeatShield to limit access to only your server's administrator.

Server Requirements

Installing HeatShield for Servers requires the following:

    Operating System   Ubuntu LTS 16.04 or 18.04
    Architecture       64-bit
    Virtualization     Any (iptables management unavailable in containers)
    Memory             >= 256 MB

SSH Brute Force Protection

HeatShield for Servers dynamically updates your server's firewall to block IP addresses that have attempted brute force SSH login attacks from any further attacks.

Types of Server Firewall Rules

Each firewall rule consists of three parts:

    Action: whether traffic should be allowed or denied
    Destination port: the destination TCP or UDP port (or range of ports) the rule pertains to
    Source address: the source IP address (or range of addresses) the rule pertains to

Action

All traffic to your server that is not explicitly allowed due to an allow rule is blocked.

Ubuntu Firewall

HeatShield provides a simple, powerful firewall for Ubuntu servers. Once you've installed HeatShield, you can easily manage firewalls across all of your servers without needing to SSH into any of them.

UFW Alternative

Although UFW is a popular firewall management tool for Ubuntu servers, it still has many "gotchas" administrators have to learn the hard way.

Using a Firewall with a CDN

If your server is connected to a content delivery network (CDN), you can create a HeatShield ruleset to only allow HTTP/HTTPS access to your server from the IP addresses belonging to your CDN.

Using a Firewall with CloudFlare

If you use CloudFlare's CDN (content delivery network), you can create a ruleset in HeatShield to only allow HTTP/HTTPS access to your server from those IP addresses belonging to CloudFlare.

Using a Firewall with ServerPilot

When you connect a server managed by ServerPilot to HeatShield, HeatShield will install its own firewall and will automatically disable ServerPilot's firewall.
