Setting up a Firewall on an s0.d1.small BMC Instance

Introduction

The s0.d1.small Bare Metal Cloud server instance is an affordable, single-CPU, general-purpose instance suitable for a broad array of workloads. One possible use case is running a firewall on it to create a barrier against unwanted network traffic.

This tutorial shows how to set up a firewall on an s0.d1.small BMC server instance.


Prerequisites

  • Access to the command line/terminal with administrator privileges.
  • A Bare Metal Cloud (BMC) Portal account.

How to Set Up a Firewall on the s0.d1.small BMC Instance?

Follow the steps outlined below to set up a firewall on your Bare Metal Cloud server instance.

Step 1: Deploy s0.d1.small BMC Instance

1. Log in to the BMC portal with your phoenixNAP credentials. If you are a new client, create a Bare Metal Cloud account.

2. Follow the steps outlined in our tutorial for deploying a new Bare Metal Cloud server and get your server up and running in minutes.

  • Click the Select button to choose the s0.d1.small instance in the server configuration step.

Note: If the server instance is unavailable, click the Contact Sales button for more information about availability. If the server instance is available in a different location, the Available Locations button appears, allowing you to choose an alternative server location.

  • Select the OS you want for your server and click Next. We've chosen Ubuntu Bionic for this tutorial as it is free, open-source, and deploys in around 60 seconds.

3. Use SSH to connect to the new BMC server and set up a firewall.

Note: If you are new to SSH, read our tutorial to see how to use SSH to connect to a remote server in Linux or Windows.

Connect to the server via SSH using the allocated public IP address:

ssh ubuntu@<your public IP>

Step 2: Install a Firewall

After deploying the server and connecting to it, install a firewall on your Bare Metal Cloud server. Depending on your preferences, you can use several different firewall solutions, such as UFW or iptables.

For this tutorial, we will use the iptables firewall, which comes preinstalled in most Linux distros, and offers a variety of advanced settings.

You can run the install command to make sure the firewall is installed:

sudo apt-get install iptables

Note: Install the persistent package to keep iptables firewall rules after rebooting the system. Run: sudo apt-get install iptables-persistent.

Since this BMC server has iptables already installed, the output shows the version.

Step 3: Set up the Firewall

After installing iptables, define rules for the firewall to improve your network security. Our ultimate iptables tutorial guides you through setting up each rule and appending it to the chain. Before defining the rules, all chains are set to ACCEPT. As a result, any packet can come through unfiltered.

Run the following command to view the current set of rules on your server:

sudo iptables -L

The steps below show how to define some basic firewall rules and append them to the chain.

1. Define Rules

Defining a rule in iptables means appending it to a chain. The syntax for defining new rules is:

sudo iptables -A [option]

The available options are:

  • -i (interface) - Specify a network interface whose traffic you want to filter (e.g., eth0, lo, ppp0, etc.).
  • -p (protocol) - Specify the network protocol you want to filter (e.g., TCP, UDP, ICMP, ICMPv6, etc.). Specifying all chooses every protocol.
  • -s (source) - Specify an address, hostname, or IP address for incoming traffic.
  • --dport (destination port) - Define the destination protocol port number (22 for SSH, 443 for HTTPS, etc.).
  • -j (target) - Specify the target name (ACCEPT, DROP, or RETURN) each time you make a new rule.

Using all the options requires the following order:

sudo iptables -A [chain] -i [interface] -p [protocol (tcp/udp)] -s [source] --dport [port number] -j [target]

The following example instructs iptables to accept connections on port 22 so that SSH keeps working as usual:

sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

The iptables firewall also allows you to filter connections based on an IP address or a range of IP addresses. For example, running the following command instructs iptables to accept connections from the specified IP address:

sudo iptables -A INPUT -s 87.116.140.66 -j ACCEPT

You can check if the rules have been appended by running:

sudo iptables -L -v
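
A check on the rules just appended, as an added example that is not from the original tutorial: `audit_input` (a hypothetical helper) reads `iptables -S` output and reports whether the INPUT chain blocks anything. The sample input is constructed to match the two `-A` commands above; with the policy still ACCEPT and only ACCEPT rules present, the verdict is that traffic remains unfiltered.

```shell
#!/bin/sh
# Added example: audit_input is a hypothetical helper, not part of iptables.
# It reads `iptables -S` output on stdin and reports whether the INPUT chain
# blocks anything at all. Jumps to user-defined chains are not followed.
audit_input() {
    awk '
        # "-P INPUT <policy>" is the verdict for packets that match no rule.
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        # "-A INPUT ... -j <target>" is one appended rule.
        $1 == "-A" && $2 == "INPUT" {
            target = ""
            for (i = 3; i < NF; i++) if ($i == "-j") target = $(i + 1)
            if (target == "DROP" || target == "REJECT") blocking++
            else if (target == "ACCEPT") accepting++
        }
        END {
            if (policy == "") { print "no INPUT policy found"; exit }
            # ACCEPT rules under an ACCEPT policy change nothing.
            verdict = (policy == "ACCEPT" && blocking == 0) ? "unfiltered" : "filtered"
            printf "policy=%s accept_rules=%d blocking_rules=%d verdict=%s\n",
                   policy, accepting, blocking, verdict
        }'
}

# Constructed sample: what `sudo iptables -S` prints after the two -A commands above.
sample_after_tutorial() {
    cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 87.116.140.66/32 -j ACCEPT
EOF
}

sample_after_tutorial | audit_input
```

On a live server, run it as `sudo iptables -S | audit_input`.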

2. Save Changes

To prevent losing your iptables rules after a reboot, make sure to save your changes by running:

sudo /sbin/iptables-save

The output lists the rules and saves them.
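
The define and save steps above combined into one ruleset, as an added example that is not from the original tutorial: `build_ruleset` (a hypothetical helper) prints the page's SSH and source-address rules in the format `iptables-save` emits. The loopback rule, the established-connection rule and the INPUT DROP policy are assumptions added here; loading the result with `iptables-restore` applies the allow rules and the DROP policy in one commit, so the SSH session is not cut off in between.

```shell
#!/bin/sh
# Added example, not from the tutorial. build_ruleset is a hypothetical helper.
# It prints an INPUT ruleset in the format iptables-save emits.
build_ruleset() {
    ssh_port=$1
    trusted_ip=$2

    # Port: digits only, no leading zero, at most 5 digits, not above 65535.
    case $ssh_port in
        ''|*[!0-9]*|0*|??????*) echo "invalid port: $ssh_port" >&2; return 1 ;;
    esac
    [ "$ssh_port" -le 65535 ] || { echo "invalid port: $ssh_port" >&2; return 1; }

    # Address: four dot-separated decimal octets, each 0-255.
    if ! printf '%s\n' "$trusted_ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        echo "invalid IPv4 address: $trusted_ip" >&2; return 1
    fi
    for octet in $(printf '%s\n' "$trusted_ip" | tr '.' ' '); do
        [ "$octet" -le 255 ] || { echo "invalid IPv4 address: $trusted_ip" >&2; return 1; }
    done

    # Assumptions added here: loopback and reply traffic are allowed, and the
    # INPUT policy becomes DROP. FORWARD and OUTPUT keep the ACCEPT default.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport $ssh_port -j ACCEPT
-A INPUT -s $trusted_ip -j ACCEPT
COMMIT
EOF
}

# On the server (root required). iptables-save only prints to stdout, and
# iptables-persistent loads /etc/iptables/rules.v4 at boot:
#   build_ruleset 22 87.116.140.66 | sudo iptables-restore --test  # parse only
#   build_ruleset 22 87.116.140.66 | sudo iptables-restore         # replaces the filter table
#   sudo sh -c 'iptables-save > /etc/iptables/rules.v4'            # persist
```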

3. Delete Rules

If you want to start over and define new rules, use the -F (flush) option:

sudo iptables -F

To delete a specific rule, you need to specify its line number. See all rule line numbers by running:

sudo iptables -L --line-numbers

The output lists all the rules and states their line numbers. Now you can use the following syntax to delete a specific rule:

sudo iptables -D INPUT [rule line number]

For example:

Delete a specific rule in iptables.

The output shows that only rule number 1 remains after instructing iptables to delete rule number 2.

Why Set Up a Firewall on s0.d1.small BMC Instance?

There are several benefits to setting up a firewall on an s0.d1.small BMC instance:

  • Low cost. The small BMC instance costs only $0.10/h, and it is well suited for a wide variety of workloads, including a firewall. Additionally, the s0 BMC server can also serve as a load balancer, distributing traffic across multiple servers.
  • Secure. Improving network security is essential for any business, and the small s0 BMC instance is perfect for setting up a firewall to increase your network infrastructure security. Each BMC server instance also comes with free 20 Gbps DDoS protection.
  • Automated. With 20 pre-configured and fine-tuned instances, you can have your server up and running in only a few clicks. Finish setting up your firewall in minutes, and you can focus on your business, which is now safe from network attacks.

Conclusion

By following this tutorial, you should know how to set up a firewall on an s0.d1.small Bare Metal Cloud instance easily and quickly. The small and cheap BMC instance acts as a shield, protecting your business from network threats.

Bosko Marijan