Managing Leaseweb VPS firewall

Leaseweb offers free Basic Firewall functionality for your VPS, which you can enable to restrict and control access to the VPS.

By default, the firewall is created with an allow-all rule, which allows all incoming traffic to your VPS. Removing this rule on its own blocks all traffic to the VPS, so make sure to create rules that allow the traffic your VPS needs.

Creating firewall rules

To let traffic from certain IP addresses reach selected ports of your VPS, you need to create firewall rules. Each rule allows traffic from a specified IP address range to reach your VPS over the specified protocol and on the specified ports.

To create a new ingress firewall rule:

  1. Log in to the Customer Portal and choose Virtual Private Server -> Leaseweb VPS
  2. Click a VPS, then click Manage VPS to go to the Management page
  3. Click the Security tab
  4. Choose a Name for your firewall rule
  5. Choose protocol (ALL, UDP, TCP or ICMP)
  6. Set the IP range (this needs to be in subnet format)
  7. Set the port range (for a single port set the same number for the start and end port)
  8. Click Save

Managing Leaseweb VPS firewall - Frequently Asked Questions

  • How do I allow the whole internet to connect to my service?

    The network range “0.0.0.0/0” denotes the whole internet and will allow every network range and IP address access to the port (range) you select.

  • My firewall settings block all traffic, but I still see incoming traffic in the data traffic graphs, what is going on there?

    Even though the traffic is blocked from reaching your server, it still comes into the Leaseweb network. Blocked traffic is still counted as part of the data traffic for your server and is therefore displayed in the data traffic graphs.

  • Does Leaseweb block any ports?

    Please check here for the most recent policies, terms and conditions on what connectivity is blocked and when Leaseweb is entitled to block more. At the time of writing the following ports are blocked on the network level:

      • UDP/137 – NetBIOS

      • UDP/139 – NetBIOS

      • TCP/135 to 139 – NetBIOS

      • TCP/445 – SMB

      • UDP/11211 – Memcache

  • Does the firewall block outgoing traffic?

    No. All outgoing traffic is allowed. It is also not possible to block specific outgoing traffic with custom firewall rules.

  • Does the firewall automatically allow related traffic, for instance traffic to the data port in passive FTP?

    No, the firewall does not automatically allow related traffic.

    If you want to allow FTP in combination with the basic firewall, it is recommended that you configure your FTP server to use only a restricted range of ports for passive FTP and then open that range with a specific rule, in addition to the default TCP port 21 used for the FTP command channel.
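
The rule fields from "Creating firewall rules" and the passive FTP answer above can be checked offline before you change anything in the portal. The following Python model is an added example, not Leaseweb code or a Leaseweb API: the Rule class, the function names, the sample rules, the port bounds and the passive range 50000-50100 are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

PROTOCOLS = {"ALL", "UDP", "TCP", "ICMP"}  # the choices offered in step 5
@dataclass(frozen=True)
class Rule:  # hypothetical model of one portal rule
    name: str
    protocol: str
    ip_range: str    # subnet format, e.g. "203.0.113.0/24"
    start_port: int
    end_port: int    # same as start_port for a single port

    def __post_init__(self):
        if self.protocol not in PROTOCOLS:
            raise ValueError(f"{self.name}: unknown protocol {self.protocol!r}")
        if "/" not in self.ip_range:
            raise ValueError(f"{self.name}: IP range must be in subnet format")
        ipaddress.ip_network(self.ip_range, strict=False)  # raises ValueError if malformed
        if not 1 <= self.start_port <= self.end_port <= 65535:
            raise ValueError(f"{self.name}: invalid port range")

    def matches(self, protocol, src_ip, dst_port):
        if self.protocol not in ("ALL", protocol):
            return False
        net = ipaddress.ip_network(self.ip_range, strict=False)
        if ipaddress.ip_address(src_ip) not in net:
            return False
        # Assumption: ICMP has no ports, so the port range is ignored for it.
        return protocol == "ICMP" or self.start_port <= dst_port <= self.end_port

def is_allowed(rules, protocol, src_ip, dst_port=0):
    """Allow-list: a packet passes only if some rule matches; no rules means blocked."""
    return any(r.matches(protocol, src_ip, dst_port) for r in rules)

def world_open(rules):
    """Names of rules whose source range is the whole internet (prefix length 0)."""
    return [r.name for r in rules
            if ipaddress.ip_network(r.ip_range, strict=False).prefixlen == 0]

# Constructed sample rules; addresses are documentation ranges.
FTP_CONTROL_ONLY = [
    Rule("ssh-office", "TCP", "203.0.113.0/24", 22, 22),
    Rule("ftp-control", "TCP", "0.0.0.0/0", 21, 21),
]
# 50000-50100 is an assumed passive range; it must equal the one set on the FTP server.
FTP_WITH_PASSIVE = FTP_CONTROL_ONLY + [Rule("ftp-passive", "TCP", "0.0.0.0/0", 50000, 50100)]

if __name__ == "__main__":
    print([is_allowed(r, "TCP", "198.51.100.7", 50010) for r in (FTP_CONTROL_ONLY, FTP_WITH_PASSIVE)])
```

With only the port 21 rule, the passive data connection to port 50010 is blocked because related traffic is not allowed automatically; it passes once the range rule is added. world_open lists the rules that expose a port to 0.0.0.0/0 so you can review whether each one needs to be that broad.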