IP Packet Filter

What Is an IP Packet Filter?

You do not need to use the IP Packet Filter in order to use the WordPress Firewall. An IP Packet Filter is a very low-level firewall that only looks at the source and destination of data packets received by your server.

Is the IP Packet Filter Required to Protect WordPress?

The IP Packet Filter is not required to use the WordPress Web Application Firewall (WAF).

WordPress WAF: In order to use the WordPress WAF, you only need to install the HeatShield agent on the server where WordPress is running.

When Should I Use the IP Packet Filter?

The IP Packet Filter is useful in the following situations:

Blocking SSH Brute Force Attacks: If you're experiencing SSH brute force login attacks, HeatShield can block those attacks.

IP Packet Filter Server Requirements

This page is about the IP Packet Filter. To instead use our WordPress Firewall, see our WordPress hosting requirements. Installing the IP Packet Filter requires the following:

Configuring Server Firewall Rules

Configuring firewall rules and rulesets is a paid feature. For servers on the free plan, learn about our free plan firewall rules.

Fail2ban Alternative

For users migrating from Fail2ban, HeatShield IP Packet Filter offers a way to have the increased security of automated brute force protection with additional benefits of modern firewall management, including: Complete firewall.

Firewall Management for Amazon Lightsail Servers

HeatShield offers two distinct advantages over Amazon Lightsail's very simple firewall options: the ability to restrict source addresses and SSH brute force protection.

Firewall Management for DigitalOcean Servers

HeatShield was designed to make firewall management for DigitalOcean servers easy and painless. DigitalOcean's simplicity made it possible for many more people to easily deploy and run their own cloud servers.

Firewall Management for Linode Servers

HeatShield is the simplest and safest way to manage a powerful firewall on your Linode servers. As one of the oldest cloud server providers, Linode has made it easy to deploy and run a cloud server.

Firewall Management for Rackspace Servers

HeatShield is the easiest and safest way to configure and manage firewalls on your Rackspace cloud servers. Rackspace was one of the first server providers to make cloud server deployment simple and accessible to all developers.

Free Features of the IP Packet Filter

For servers on the free plan, HeatShield configures a firewall with the following traffic allowed to your server.

To               Action    From
--               ------    ----
22/tcp SSH       ALLOW     Anywhere
80/tcp HTTP      ALLOW     Anywhere
443/tcp HTTPS    ALLOW     Anywhere

All other traffic to your server is blocked.

How to Install the IP Packet Filter

To enable the IP Packet Filter on your server, you will need SSH access to your server as root.

iptables Alternative

Instead of managing fragile iptables rules directly, HeatShield provides an iptables alternative that allows developers and server administrators to safely configure firewalls without risk and complexity.

Paid Features of the IP Packet Filter

For servers on the paid plan, HeatShield allows you to create and manage custom firewall rulesets. Learn more about managing rulesets.

Securing a Mail Server with a Firewall

If you host your own mail server, you can easily use HeatShield to configure your firewall for email. Specifically, you will want to open the following ports:

Securing cPanel with a Firewall

Because cPanel installs many different services on your server, you need to open a variety of ports depending on your goals and usage.

Securing DNS Servers with a Firewall

The Domain Name System, or DNS, speaks over TCP port 53 and UDP port 53. If you are hosting a DNS server, you will need to configure your firewall to allow traffic through these ports.

Securing Memcached with a Firewall

According to the Memcached documentation, "you must not expose memcached directly to the internet, or otherwise any untrusted users." Memcached was not designed to be secure without a firewall blocking access from all IP addresses except those that belong to your own application servers.

Securing MongoDB with a Firewall

According to the MongoDB documentation, you should ensure only trusted hosts have access to MongoDB to reduce the risk exposure of the entire MongoDB system.

Securing MySQL with a Firewall

As with any database, you should restrict access to your MySQL server so it can only be accessed from IP addresses that need to communicate with it.

Securing OpenVPN with a Firewall

With HeatShield, you can restrict the firewall for your OpenVPN Access Server so it can only be accessed from the IP addresses that need to communicate with it.

Securing Plesk with a Firewall

When used as a control panel, Plesk installs several services on your server. For those services to run correctly, you need to configure your firewall to open the ports needed for the services you wish to use.

Securing PostgreSQL with a Firewall

With HeatShield, you can restrict access to your PostgreSQL database server so it can only be accessed from the IP addresses that need to communicate with it.

Securing Redis with a Firewall

According to the Redis documentation, Redis is designed to only be accessed by trusted clients. That means it is not safe to leave Redis exposed without a firewall.

Securing SSH with a Firewall

When you connect a server, HeatShield automatically configures a firewall rule to allow access to the standard SSH port (22) from any IP address.

Securing Webmin with a Firewall

If you use Webmin on your server, you can create a ruleset in HeatShield to limit access to only your server's administrator.

SSH Brute Force Protection

The IP Packet Filter dynamically updates your server's firewall to block further attacks from IP addresses that have attempted brute force SSH logins.

Types of Server Firewall Rules

Each firewall rule consists of three parts:

Action: whether traffic should be allowed or denied
Destination port: the destination TCP or UDP port (or range of ports) the rule pertains to
Source address: the source IP address (or range of addresses) the rule pertains to

Action

All traffic to your server that is not explicitly allowed due to an allow rule is blocked.

Ubuntu Firewall

HeatShield provides a simple, powerful firewall for Ubuntu servers. Once you've installed HeatShield, you can easily manage firewalls across all of your servers without needing to SSH into any of them.

UFW Alternative

Although UFW is a popular firewall management tool for Ubuntu servers, it still has many "gotchas" administrators have to learn the hard way.

Using a Firewall with a CDN

If your server is connected to a content delivery network (CDN), you can create a HeatShield ruleset to only allow HTTP/HTTPS access to your server from the IP addresses belonging to your CDN.

Using a Firewall with Cloudflare

If you use Cloudflare's CDN (content delivery network), you can create a ruleset in HeatShield to only allow HTTP/HTTPS access to your server from those IP addresses belonging to Cloudflare.

Using a Firewall with ServerPilot

When you connect a server managed by ServerPilot to HeatShield, HeatShield will install its own firewall and will automatically disable ServerPilot's firewall.
