All Mammoth Cloud servers include access to a web-based firewall configuration tool free of charge. This firewall is external to the VPS and can be used to configure exactly what traffic you allow into (and out of) your server.
We suggest using the mPanel firewall for "broad strokes" like allowing SSH, HTTP, and nothing else, and then using your VPS' firewall for blocking individual IPs and more complex things that cannot be expressed purely as a single list.
As a general rule of thumb we recommend limiting the mPanel firewall to a maximum of ten rules and using your server's firewall to blacklist individual IPs.
Through our management panel customers can configure a list of rules that determine what happens to VPS traffic. Each rule consists of:
- One or more source addresses
- One or more destination addresses
- Optionally, one or more ports
- The action to take for matching traffic: block or allow
Once a suitable firewall configuration is in place, the "Save & Apply" button will immediately apply the chosen rules without requiring a server reboot.
If you make a mistake and block your remote access to the server, simply delete the rule and start over - as the web-based firewall operates outside the VPS, there is no possibility of permanently preventing your own access.
An import/export tool is also available, which provides the ability to manipulate the rules as a block of JSON-structured text. This allows rules to be created offline, or easily copied from one server to another.
Internal VPS Firewall
As the server administrator, you are able - and encouraged - to configure your server's own firewall in a suitable manner. Our VPS installs are pre-configured to respond to:
- ICMP ECHO ("ping") requests
- Listen for SSH connections (Linux only)
- Listen for Remote Desktop connections (Windows only)
For many customers, this initial firewall configuration provided is perfectly suitable as is.