You do not need to use the IP Packet Filter in order to use the WordPress Firewall. An IP Packet Filter is a very low-level firewall only looks at the source and destination of data packets received by your server.
The IP Packet Filter is not required to use the WordPress Web Application Firewall (WAF). WordPress WAF In order to use the WordPress WAF, you only need to install the HeatShield agent on your server where WordPress is running.
The IP Packet Filter is useful in the following situations: Blocking SSH Brute Force Attacks If you're experiencing SSH brute force login attacks, HeatShield can block those attacks.
This page is about the IP Packet Filter. To instead use our WordPress Firewall, see our WordPress hosting requirements. Installing the IP Packet Filter requires the following:
Configuring firewall rules and rulesets is a paid feature. For servers on the free plan, learn about our free plan firewall rules.
For users migrating from Fail2ban, HeatShield IP Packet Filter offers a way to have the increased security of automated brute force protection with additional benefits of modern firewall management, including: Complete firewall.
HeatShield offers two distinct advantages over Amazon Lightsail's very simple firewall options: the ability to restrict source addresses and SSH brute force protection.
HeatShield was designed to make firewall management for DigitalOcean servers easy and painless. DigitalOcean's simplicity made it possible for many more people to easily deploy and run their own cloud servers.
HeatShield is the simplest and safest way to manage a powerful firewall on your Linode servers. As one of the oldest cloud server providers, Linode has made it easy to deploy and run a cloud server.
HeatShield is the easiest and safest way to configure and manage firewalls on your Rackspace cloud servers. Rackspace was one of the first server providers to make cloud server deployment simple and accessible to all developers.
For servers on the free plan, HeatShield configures a firewall with the following traffic allowed to your server. To Action From -- ------ ---- 22/tcp SSH ALLOW Anywhere 80/tcp HTTP ALLOW Anywhere 443/tcp HTTPS ALLOW Anywhere All other traffic to your server is blocked.
To enable the IP Packet Filter on your server, you will need SSH access to your server as root.
Instead of managing fragile iptables rules directly, HeatShield provides an iptables alternative that allows developers and server administrators to safely configure firewalls without risk and complexity.
For servers on the paid plan, HeatShield allows you to create and manage custom firewall rulesets. Learn more about managing rulesets.
If you host your own mail server, you can easily use HeatShield to configure your firewall for email. Specifically, you will want to open the following ports:
Because cPanel installs many different services on your server, you need to open a variety of ports depending on your goals and usage.
The Domain Name System, or DNS, speaks over TCP port 53 and UDP port 53. If you are hosting a DNS server, you will need to configure your firewall to allow traffic through these ports.
According to the Memcached documentation, "you must not expose memcached directly to the internet, or otherwise any untrusted users." Memcached was not designed to be secure without a firewall blocking access from all IP addresses except those that belong to your own application servers.
According to the MongoDB documentation, you should ensure only trusted hosts have access to MongoDB to reduce the risk exposure of the entire MongoDB system.
As with any database, you should restrict access to your MySQL server so it can only be accessed from IP addresses that need to communicate with it.
With HeatShield, you can restrict the firewall for your OpenVPN Access Server so it can only be accessed from the IP addresses that need to communicate with it.
When used as a control panel, Plesk installs several services on your server. For those services to run correctly, you need to configure your firewall to open the ports needed for the services you wish to use.
With HeatShield, you can restrict access to your PostgreSQL database server so it can only be accessed from the IP addresses that need to communicate with it.
According to the Redis documentation, Redis is designed to only be accessed by trusted clients. That means it is not safe to leave Redis exposed without a firewall.
When you connect a server, HeatShield automatically configures a firewall rule to allow access to the standard SSH port (22) from any IP address.
If you use Webmin on your server, you can create a ruleset in HeatShield to limit access to only your server's administrator.
The IP Packet Filter dynamically updates your server's firewall to block IP addresses that have attempted brute force SSH login attacks from any further attacks.
Each firewall rule consists of three parts: Action: whether traffic should be allowed or denied Destination port: the destination TCP or UDP port (or range of ports) the rule pertains to Source address: the source IP address (or range of addresses) the rule pertains to Action All traffic to your server that is not explicitly allowed due to an allow rule is blocked.
HeatShield provides a simple, powerful firewall for Ubuntu servers. Once you've installed HeatShield, you can easily manage firewalls across all of your servers without needing to SSH into any of them.
Although UFW is a popular firewall management tool for Ubuntu servers, it still has many "gotchas" administrators have to learn the hard way.
If your server is connected to a content delivery network (CDN), you can create a HeatShield ruleset to only allow HTTP/HTTPS access to your server from the IP addresses belonging to your CDN.
If you use Cloudflare's CDN (content delivery network), you can create a ruleset in HeatShield to only allow HTTP/HTTPS access to your server from those IP addresses belonging to Cloudflare.
When you connect a server managed by ServerPilot to HeatShield, HeatShield will install its own firewall and will automatically disable ServerPilot's firewall.
