The most used ports are automatically opened based on the operating system of your VPS. You are of course free to close these default ports if you do not use them.
In this article, we explain in more detail how the VPS Firewall works, and which ports are automatically opened per operating system.
- The VPS Firewall uses iptables on the underlying hypervisor which hosts your VPS.
- A maximum of 50 rules can be added.
- The firewall allows all traffic as long as no rules are configured (no rules = allow all). If at least one rule exists, all other ports are blocked.
- When cloning a VPS, the cloned VPS automatically takes over all VPS Firewall settings from the original VPS.
- When restoring a back-up or snapshot of your VPS, your VPS Firewall settings remain intact as they are. The settings at the time the back-up or snapshot was made remain intact.
- When restoring a snapshot on another VPS, the current configuration of that other VPS remains intact.
- TCP / UDP traffic is blocked, ICMP is allowed.
- When transferring a VPS to another TransIP account (handover) the VPS Firewall settings are automatically transferred.
Enabling the VPS Firewall
The VPS Firewall is disabled by default, but from the control panel, you can easily enable it for one VPS and / or all your future VPSs (i.e. new VPSs and reinstallations of existing VPSs).
Log in to your control panel and navigate to the relevant VPS.
Click the cogwheel behind 'Network' (directly under the VPS console) and click 'VPS Firewall'.
Enable the firewall by setting the switch to 'On' behind 'Enable VPS Firewall for this VPS'.
The most commonly used ports are then automatically opened (within a minute) and the status will say 'On'.
You can also enable the VPS Firewall for all future VPSs here, by enabling the switch behind 'Enable VPS Firewall for all future VPSs'. The most used ports are then automatically opened for your future and reinstalled VPSs.
You have the freedom to open or close ports yourself and can create a maximum of 50 firewall rules per VPS.
You have two options for opening ports: use a pre-configured rule or create a custom rule.
- Do you want to use a pre-configured rule? Then click the 'Custom' drop-down menu and select the desired rule.
- Do you want to create your own firewall rule? Under 'Description', enter the name / description; under 'Whitelist IP (range)', optionally the IPs for which you want the rule to apply; under 'Port range', the port(s) you want to open; and under 'Protocol', whether you want to make the port accessible via TCP, UDP, or TCP & UDP.
Please note: the custom rules also list the DirectAdmin, Plesk and cPanel default ports. This option only enables the ports required by these control panels to show the web interface. It does not include the mail, http(s), etc. ports, which should be enabled separately.
You can close ports easily by clicking the cross behind a rule, followed by 'Save'.
You can use IP whitelisting with the VPS firewall. This allows you to open a port (range) only for specific IP addresses.
IP addresses are whitelisted by adding the desired IP addresses and / or ranges under 'Whitelist IP (range)' at the desired firewall rule. In a single rule you can whitelist a maximum combination of 20 IPv4 and/or IPv6 addresses by separating them using commas (e.g. 22.214.171.124, 126.96.36.199.0/24).
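The rule semantics described in this article (no rules = allow all, any rule = everything else blocked for TCP / UDP, ICMP allowed, at most 20 whitelist entries per rule and 50 rules per VPS) can be checked offline before you save a ruleset. The Python sketch below is an added example, not TransIP code; the function names and the sample ruleset are hypothetical, and it assumes a rule without a whitelist is open to every source.

```python
import ipaddress

MAX_RULES = 50       # rules per VPS, per the article
MAX_WHITELIST = 20   # IPv4/IPv6 entries per rule, per the article

def parse_whitelist(text):
    """Parse a comma-separated 'Whitelist IP (range)' value into networks."""
    entries = [e.strip() for e in text.split(",") if e.strip()]
    if len(entries) > MAX_WHITELIST:
        raise ValueError(f"{len(entries)} entries, maximum is {MAX_WHITELIST}")
    # ip_network raises ValueError on malformed input such as a five-octet address
    return [ipaddress.ip_network(e, strict=False) for e in entries]

def make_rule(description, ports, protocols, whitelist=""):
    """ports is an inclusive (first, last) tuple; protocols is a subset of tcp/udp."""
    first, last = ports
    if not 1 <= first <= last <= 65535:
        raise ValueError(f"invalid port range {ports}")
    if not protocols or not set(protocols) <= {"tcp", "udp"}:
        raise ValueError(f"invalid protocols {protocols}")
    return {"description": description, "ports": (first, last),
            "protocols": set(protocols), "whitelist": parse_whitelist(whitelist)}

def is_allowed(rules, protocol, port, source_ip):
    """Decide one inbound packet using the semantics the article describes."""
    if len(rules) > MAX_RULES:
        raise ValueError(f"{len(rules)} rules, maximum is {MAX_RULES}")
    if protocol == "icmp" or not rules:
        return True   # ICMP is allowed; no rules = allow all
    src = ipaddress.ip_address(source_ip)
    for rule in rules:
        first, last = rule["ports"]
        if protocol in rule["protocols"] and first <= port <= last:
            # Assumption: an empty whitelist opens the port to every source
            if not rule["whitelist"] or any(src in n for n in rule["whitelist"]):
                return True
    return False      # at least one rule exists, so everything else is blocked

# Constructed sample ruleset; addresses are documentation ranges, not real hosts
SAMPLE_RULES = [
    make_rule("HTTPS", (443, 443), {"tcp"}),
    make_rule("SSH, office only", (22, 22), {"tcp"},
              "192.0.2.10, 198.51.100.0/24, 2001:db8::/32"),
]

if __name__ == "__main__":
    for proto, port, src in [("tcp", 22, "198.51.100.7"), ("tcp", 22, "203.0.113.5"),
                             ("udp", 53, "192.0.2.10"), ("icmp", 0, "203.0.113.5")]:
        print(proto, port, src, "->", is_allowed(SAMPLE_RULES, proto, port, src))
```

Running a planned ruleset through `parse_whitelist` first catches malformed entries and over-long whitelists before they reach the control panel.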
After enabling the VPS Firewall, the most used ports are automatically opened based on your operating system.
At any time you can restore the default configuration for your OS by clicking 'Restore default configuration'.
Below you will find an overview of the ports which are automatically opened per OS / control panel when the VPS Firewall is enabled. Unless otherwise stated, these are TCP ports in all cases.
- Linux and BSD operating systems
  - 80: HTTP
  - 443: HTTPS
- Windows 2012, 2016, 2019
  - 68 (UDP): DHCP IPv4
  - 546 (UDP): DHCP IPv6
  - 3389 (TCP & UDP): Remote Desktop (RDP)
  - 5353 (UDP): Multicast DNS
  - 7680: Windows Update Delivery Optimization (faster Windows updates & store downloads)
- cPanel
  - 25: SMTP
  - 80: HTTP
  - 110: POP3
  - 143: IMAP
  - 443: HTTPS
  - 993: Secure IMAP
  - 995: Secure POP3
  - 2082: cPanel web interface via HTTP
  - 2083: cPanel web interface via HTTPS
  - 2086: WHM web interface via HTTP
  - 2087: WHM web interface via HTTPS
  - 2095: Webmail via HTTP
  - 2096: Webmail via HTTPS
  - 30000 - 35000: FTP passive port range