The s0.d1.small Bare Metal Cloud server instance is an affordable, single-CPU, general-purpose instance suitable for a broad array of workloads. One possible use case is running a firewall on it to create a barrier against unwanted network traffic.
This tutorial shows how to set up a firewall on an s0.d1.small BMC server instance.
Prerequisites
- Access to the command line/terminal with administrator privileges.
- A Bare Metal Cloud (BMC) Portal account.
How to Set Up a Firewall on the s0.d1.small BMC Instance?
Follow the steps outlined below to set up a firewall on your Bare Metal Cloud server instance.
Step 1: Deploy s0.d1.small BMC Instance
1. Log in to the BMC portal with your phoenixNAP credentials. If you are a new client, create a Bare Metal Cloud account.
2. Follow the steps outlined in our tutorial for deploying a new Bare Metal Cloud server and get your server up and running in minutes.
- Click the Select button to choose the s0.d1.small instance in the server configuration step.
Note: If the server instance is unavailable, click the Contact Sales button for more information about availability. If the server instance is available in a different location, the Available Locations button appears, allowing you to choose an alternative server location.
- Select the OS you want for your server and click Next. We've chosen Ubuntu Bionic for this tutorial as it is free, open-source, and deploys in around 60 seconds.
3. Use SSH to connect to the new BMC server and set up a firewall.
Note: If you are new to SSH, read our tutorial to see how to use SSH to connect to a remote server in Linux or Windows.
Connect to the server via SSH using the allocated public IP address:
ssh ubuntu@<your public IP>
Note: You can also use the BMC Remote Console to connect to your server remotely.
Step 2: Install a Firewall
After deploying the server and connecting to it, install a firewall on your Bare Metal Cloud server. Depending on your preferences, you can use several different firewall solutions, such as UFW or iptables.
For this tutorial, we will use the iptables firewall, which comes preinstalled in most Linux distros, and offers a variety of advanced settings.
You can run the install command to make sure the firewall is installed:
sudo apt-get install iptables
Note: Install the persistent package to keep iptables firewall rules after rebooting the system. Run:
sudo apt-get install iptables-persistent
Since this BMC server has iptables already installed, the output shows the version.
Step 3: Set up the Firewall
After installing iptables, define rules for the firewall to improve your network security. Our ultimate iptables tutorial guides you through setting up each rule and appending it to the chain. Before defining the rules, all chains are set to ACCEPT. As a result, any packet can come through unfiltered.
Run the following command to view the current set of rules on your server:
sudo iptables -L
The steps below show how to define some basic firewall rules and append them to the chain.
1. Define Rules
Defining a rule in iptables means appending it to a chain. The syntax for defining new rules is:
sudo iptables -A [option]
The available options are:
- -i (interface) - Specify a network interface whose traffic you want to filter (e.g., eth0, lo, ppp0, etc.).
- -p (protocol) - Specify the network protocol you want to filter (e.g., TCP, UDP, ICMP, ICMPv6, etc.). Specifying all chooses every protocol.
- -s (source) - Specify an address, hostname, or IP address for incoming traffic.
- --dport (destination port) - Define the destination protocol port number (443 for HTTPS, etc.).
- -j (target) - Specify the target name (for example, ACCEPT or RETURN) each time you make a new rule.
Using all the options requires the following order:
sudo iptables -A [chain] -i [interface] -p [protocol (tcp/udp) ] -s [source] --dport [port number] -j [target]
In the following example, we have instructed iptables to keep the SSH connection working as usual and accept connections:
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
The iptables firewall also allows you to filter connections based on an IP address or a range of IP addresses. For example, running the following command instructs iptables to accept connections from the specified IP address:
sudo iptables -A INPUT -s 22.214.171.124 -j ACCEPT
You can check if the rules have been appended by running:
sudo iptables -L -v
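Because every chain still has an ACCEPT policy, appending ACCEPT rules alone does not block anything. The check below is an added example, not part of the original tutorial: it reads `iptables -S INPUT` output and reports whether the chain is open, filtered, or would cut off SSH. The function names and the sample rules (including 192.0.2.10) are constructed, and the check deliberately ignores source restrictions and connection-state rules.

```shell
#!/bin/sh
# Added example (not from the tutorial): classify the INPUT chain from
# `iptables -S INPUT` text on stdin. Prints: open | filtered | lockout-risk
# The body runs in a subshell ( ... ) so its variables do not leak.
audit_input_chain() (
  policy="" ssh_ok=0
  while IFS= read -r line; do
    case "$line" in
      "-P INPUT "*)
        policy=${line#-P INPUT } ;;        # chain default policy
      "-A INPUT -j ACCEPT"*)
        policy=ACCEPT; break ;;            # catch-all: later rules never match
      "-A INPUT -j DROP"*|"-A INPUT -j REJECT"*)
        policy=DROP; break ;;
      "-A INPUT "*"-p tcp "*"--dport 22 "*"-j ACCEPT")
        ssh_ok=1 ;;                        # SSH accepted before any catch-all
    esac
  done
  if [ "$policy" = ACCEPT ]; then
    echo open            # unmatched packets are still accepted
  elif [ "$ssh_ok" -eq 1 ]; then
    echo filtered
  else
    echo lockout-risk    # default deny with no SSH accept rule
  fi
)

# Constructed sample: a chain holding only ACCEPT rules like the two above.
sample_after_tutorial() {
  printf '%s\n' \
    '-P INPUT ACCEPT' \
    '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' \
    '-A INPUT -s 192.0.2.10/32 -j ACCEPT'
}

sample_after_tutorial | audit_input_chain   # prints: open
# On a live host: sudo iptables -S INPUT | audit_input_chain
```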
2. Save Changes
To prevent losing your iptables rules after a reboot, make sure to save your changes by running:
The output lists the rules and saves them.
3. Delete Rules
If you want to start over and define new rules, use the -F (flush) option:
sudo iptables -F
To delete a specific rule, you need to specify its line number. See all rule line numbers by running:
sudo iptables -L --line-numbers
The output lists all the rules and states their line numbers. Now you can use the following syntax to delete a specific rule:
sudo iptables -D INPUT [rule line number]
The output shows that only rule number 1 remains after instructing iptables to delete rule number 2.
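One way to handle the save and start-over steps with the iptables-persistent package from Step 2 is to keep the whole ruleset in a file, validate it, load it in one operation, and then persist it. This is an added example, not the tutorial's own commands; the function names, the 192.0.2.0/24 admin range, and the default-DROP policy are assumptions.

```shell
#!/bin/sh
# Added example (not from the tutorial). Emits a filter-table ruleset in
# iptables-restore format: default-deny INPUT, SSH only from an admin range.
# $1 = admin source range (assumed value, e.g. 192.0.2.0/24).
build_ruleset() (
  admin_cidr=$1
  # Reject empty input or anything but digits, dots and a slash, so extra
  # rule text cannot be smuggled into the generated file.
  case "$admin_cidr" in
    ''|*[!0-9./]*) echo "invalid source range" >&2; exit 1 ;;
  esac
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s ${admin_cidr} -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
)

# Validate, load, then persist. Requires root and iptables-persistent.
# --test parses the file without changing the live rules; the real load
# replaces the table in one step, so SSH is never left without its rule.
apply_ruleset() {
  file=$1
  iptables-restore --test < "$file" || { echo "ruleset rejected" >&2; return 1; }
  iptables-restore < "$file" || return 1
  netfilter-persistent save   # writes /etc/iptables/rules.v4 for the next boot
}

# Typical use on the server (not run here):
#   build_ruleset 192.0.2.0/24 > /tmp/rules.v4 && sudo sh -c '. ./this-file; apply_ruleset /tmp/rules.v4'
```

With a DROP policy in place, `sudo iptables -F` removes the SSH rule but leaves the policy, so reloading a file is safer than flushing over a remote session.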
Why Set Up a Firewall on s0.d1.small BMC Instance?
There are several benefits to setting up a firewall on an s0.d1.small BMC instance:
- Low cost. The small BMC instance costs only $0.10/h, and it is well suited for a wide variety of workloads, including a firewall. Additionally, the s0 BMC server can also serve as a load balancer, distributing traffic across multiple servers.
- Secure. Improving network security is essential for any business, and the small s0 BMC instance is perfect for setting up a firewall to increase your network infrastructure security. Each BMC server instance also comes with free 20 Gbps DDoS protection.
- Automated. With 20 pre-configured and fine-tuned instances, you can have your server up and running in only a few clicks. Finish setting up your firewall in minutes, and you can focus on your business, which is now safe from network attacks.
By following this tutorial, you should know how to set up a firewall on an s0.d1.small Bare Metal Cloud instance easily and quickly. The small and cheap BMC instance acts as a shield, protecting your business from network threats.