The integrated Firewall in CloudPanel is based on UFW, also known as Uncomplicated Firewall.
Developed to ease iptables firewall configuration, ufw provides a user-friendly way to create an IPv4 or IPv6 host-based firewall.
CloudPanel is being shipped with pre-configured rules to achieve higher security.
For higher security, whitelist the SSH Port (22) for your IPs only. The CloudPanel Port (8443) should only be whitelisted if you have a static ip.
To add a new Rule, click on the button Add Rule.
Select the Type, enter the Port Range, Source, and Description (optional) and click on Add Rule to apply the firewall rule.
- Click on the Rule you want to edit.
- Edit the Firewall Rule and click on the button Save.
- Select the Rule you want to remove and click on Delete.
If you don't have a static ip to close port 8443, a Basic Auth in front of CloudPanel is recommended to restrict the access.
To enable Basic Auth, click in the left menu on Security and then on the tab Basic Auth.
Enter a User Name and Password and click on Save to enable basic auth.
To enable Basic Auth via the command line, log in via SSH and execute the following command as the root user.
clpctl cloudpanel:enable:basic-auth --userName='john.doe' --password='password123'
To disable Basic Auth, click in the left menu on Security and then on the tab Basic Auth.
To disable Basic Auth via the command line, log in via SSH and execute the following command as the root user.