How to set up a firewall on your VPS (and why you need one)

A brand-new server is reachable by the entire internet within minutes — bots included. A firewall decides which doors stay open. Here's what it does, the one rule that keeps you safe, and the mistake that locks you out.

The moment your server comes online it has a public address, and the whole internet can reach it. That's the point — you want people to visit your site. But "the whole internet" also includes automated bots that do nothing all day but knock on every door of every server they can find, looking for one left open.

You don't have to be a target for this to matter. Bots aren't picky; they scan everything, constantly. A firewall is how you make sure the only doors that open are the ones you meant to leave open.

What a firewall actually does

Picture your server as a building with thousands of numbered doors — they're called ports. Each service running on the machine listens at one: a website at doors 80 and 443, the remote login you use to manage the server at door 22, a database at another.

A firewall is the doorman. It looks at every knock and decides: let it through, or turn it away. Without one, any door with a service listening behind it will answer whoever knocks. With one, you pick the short list of doors that open and the rest simply don't respond — as if there's nothing there to find.

Why a fresh server needs one on day one

A new server often has more doors open than you'd guess. Install a piece of software and it may quietly start listening on a port you never think about again. Every open door is something that has to stay patched and locked — and a way in if it doesn't.

A firewall flips the default. Instead of "everything's open unless I close it," you get "everything's closed unless I open it." That one change shrinks the number of ways into your server from thousands down to the two or three you actually use.

The one rule: open only what you use

Good firewall setup is almost boring, and that's the point. The rule is simple: default closed, open the few doors your services need.

For a typical server that's a short list:

  • 80 and 443 — web traffic, so visitors can reach your site (443 is the HTTPS one behind the padlock),
  • 22 — the remote login you use to manage the machine.

That's often all of it. Everything else stays shut. If you add a service later that needs its own door, you open that one door, on purpose — and nothing else.

The mistake that locks you out

There's one classic way to ruin your afternoon: closing the door you're sitting in. The remote login at port 22 is how you reach the server. Switch the firewall on with that door shut and you've locked yourself out of your own machine — no way back in except your provider's emergency console.

So the order matters: make sure your own way in stays open before you close everything else. It's the single thing worth double-checking, every single time.
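The rule and the ordering above, as an added example that is not part of the original post or of Server Manager: a shell script that prints the commands for `ufw`, assumed here as the firewall tool because the post does not name one, and refuses any plan that leaves out the port of your current SSH session. The function names are illustrative, and the session port is read from the `SSH_CONNECTION` variable that sshd sets.

```shell
#!/bin/sh
# Added example: print a default-deny ufw plan, refusing any plan that would
# close the port of the SSH session you are logged in through.

# Port of the current SSH session. sshd sets SSH_CONNECTION to
# "client_ip client_port server_ip server_port"; fall back to 22 if unset.
current_ssh_port() {
    if [ -n "${SSH_CONNECTION:-}" ]; then
        set -- $SSH_CONNECTION   # split the four fields into $1..$4
        echo "$4"
    else
        echo 22
    fi
}

# firewall_plan SSH_PORT PORT...
# Prints ufw commands in a safe order. Returns 1 if the allow list would lock
# you out, 2 if a port is not a number in 1-65535.
firewall_plan() {
    ssh_port=$1
    shift
    keeps_ssh=no
    for p in "$@"; do
        case $p in
            '' | *[!0-9]* | ??????*) echo "invalid port: $p" >&2; return 2 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "invalid port: $p" >&2
            return 2
        fi
        if [ "$p" = "$ssh_port" ]; then keeps_ssh=yes; fi
    done
    if [ "$keeps_ssh" != yes ]; then
        echo "refusing: port $ssh_port (your login) is not in the allow list" >&2
        return 1
    fi
    echo "ufw default deny incoming"    # everything closed unless opened
    echo "ufw default allow outgoing"
    echo "ufw allow $ssh_port/tcp"      # your own way in goes first
    for p in "$@"; do
        if [ "$p" != "$ssh_port" ]; then echo "ufw allow $p/tcp"; fi
    done
    echo "ufw enable"                   # switch on only after the allows exist
}

# Typical web server from the list above: login port plus 80 and 443.
firewall_plan "$(current_ssh_port)" 22 80 443 || echo "plan rejected" >&2
```

The script only prints the plan; run the printed lines as root yourself. When run over SSH, `ufw enable` asks for confirmation before it takes effect.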

The shortcut

You can set all this up by hand — there's a standard firewall tool on most servers, with its own syntax to learn and its own way of locking you out if you get the order wrong. Or you can let Server Manager handle it: it shows you which doors are open right now, closes the ones you don't need, keeps your own way in safe, and won't leave you stranded outside. You say what the server is for; it works out which doors belong open.

And if a site ever stops loading right after a change, a closed door is one of the first things to check — it's one of the three layers that decide whether your site is reachable.

Quiet safety

A firewall isn't exciting, and that's exactly why it works. Set up right, you stop thinking about it: the bots keep knocking, every door but yours stays shut, and your server just gets on with its job.

It pairs with the other unglamorous habit that saves you on a bad day — keeping backups you can actually restore. Together, those two are most of what "securing a server" really means. The help guides go deeper whenever you want the details.