In its default form, ISPConfig comes packaged with a software firewall. A software firewall is better than no firewall, but it has its limitations. Software firewalls can quickly become overwhelmed when dealing with large amounts of traffic, such as when a server is under a brute-force attack. A much better solution for your ISPConfig firewall is a network firewall. In this guide, we will configure the ISPConfig Firewall security group to protect your server.
Network firewalls filter traffic as it enters the network. The network firewall sits above all our Discovery NVMe VPS Servers and can process large amounts of data quickly. We’re going to activate the ISPConfig security group, but we will also provide the ports in case you want to use the default firewall or something like CSF.
Default Firewall Ports
The default ports that ISPConfig requires to function are;
Configure ISPConfig Firewall
Because it would be time-consuming to configure these rules in your control panel, we have created a Security Group for ISPConfig. To activate the firewall:
- From your Discovery control panel, click the “Firewall” icon or text link to the left.
- Click the three dots on the right
- Click “Add Security Group”
- Enable the rule
- Select “ISPConfig-firewall”
- Select “net0” in the Interface section
- Click Save
In the firewall section, you will now notice that the Security Group is enabled. This has opened all of the required ports in the firewall. However, the policy is still set to accept.
We need to change the incoming policy to “Reject” or “Drop”. This will reject traffic to all ports except the ones listed above.
- Select the Firewall Options Link
- Click the Pencil icon on the top right.
- Update the input policy to reject
And that’s the process complete. Your network firewall for ISPConfig is enabled and filtering traffic. You can open custom ports by adding more firewall rules to your control panel.
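One way to confirm from outside that the input policy change took effect, as an added example that is not part of the original guide: run it from a machine outside the server's network against your own server. The script name `fwcheck.py`, the `ALLOWED` set and the `CANDIDATES` list are constructed placeholders; replace `ALLOWED` with the ports your security group actually opens.

```python
import errno
import socket
import sys

# Placeholder allow list (constructed): replace with the ports your
# security group actually opens. These are not taken from the article.
ALLOWED = {22, 80, 443}
# Ports to probe: the allow list plus a few that should be filtered (constructed).
CANDIDATES = sorted(ALLOWED | {23, 3389, 5900})


def probe(host, port, timeout=2.0):
    """Classify one TCP port as seen from outside the firewall."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"          # handshake completed
    except ConnectionRefusedError:
        return "rejected"      # active refusal: Reject policy, or no listener
    except socket.timeout:
        return "dropped"       # silence: what a Drop policy looks like
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "rejected"  # ICMP unreachable sent by a reject rule
        raise
    finally:
        sock.close()


def audit(host, allowed, candidates, timeout=2.0):
    """Return (states, violations); a violation is an open port not in `allowed`."""
    states = {port: probe(host, port, timeout) for port in candidates}
    violations = sorted(p for p, s in states.items() if s == "open" and p not in allowed)
    return states, violations


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python3 fwcheck.py <server-ip>")
    states, violations = audit(sys.argv[1], ALLOWED, CANDIDATES)
    for port, state in states.items():
        tag = "allowed" if port in ALLOWED else "not allowed"
        print(f"{port:>5} ({tag}): {state}")
    sys.exit(1 if violations else 0)
```

Only an `open` result on a port outside the allow list is conclusive, because a port with no listening service also answers `rejected` even while the policy is still set to accept.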