Prerequisites
Before adding firewall rules, make sure you have:
- Admin access to HestiaCP
- Firewall enabled
Method 1: Add via HestiaCP Web Interface
Step 1: Log in to HestiaCP
https://YOUR_SERVER_IP:8083
Step 2: Navigate to SERVER → Firewall
Click SERVER, then the Firewall tab.
Step 3: Click "Add Firewall Rule"
Click the green + Add Firewall Rule button.
Step 4: Configure Rule
- Action: ACCEPT or DENY
- Protocol: TCP, UDP, or ICMP
- Port: Port number (e.g., 3306 for MySQL)
- IP Address: Specific IP or 0.0.0.0/0 (all)
- Comment: Description (optional)
Step 5: Save
Click Add to create the rule.
Common Firewall Rules
Allow MySQL access from a specific IP:
Protocol: TCP | Port: 3306 | IP: 192.168.1.100 | Action: ACCEPT
Allow a custom web application port from any source:
Protocol: TCP | Port: 3000 | IP: 0.0.0.0/0 | Action: ACCEPT
Block a specific IP address:
Protocol: Any | IP: 185.45.6.78 | Action: DENY
Method 2: Add via SSH (UFW)
Allow port 3306 (MySQL) only from a specific IP:
ufw allow from 192.168.1.100 to any port 3306
Allow port 3000 (Node.js) from all source addresses:
ufw allow 3000/tcp
Deny a specific IP:
ufw deny from 185.45.6.78
Allow a specific IP full access:
ufw allow from 203.0.113.50
View Firewall Rules
ufw status numbered
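The numbered listing can also be checked automatically for a restricted port, such as MySQL's 3306 above, that has ended up open to every source. The script below is an added example, not part of the original guide; the function names, the RESTRICTED_PORTS variable and the sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag ufw rules that expose a restricted port to any source.
# RESTRICTED_PORTS (space-separated) and the sample listing are assumptions.
RESTRICTED_PORTS="3306"

# Constructed sample of `ufw status numbered` output (not from a real server).
sample_status() {
cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 3306                       ALLOW IN    192.168.1.100
[ 2] 3000/tcp                   ALLOW IN    Anywhere
[ 3] Anywhere                   DENY IN     185.45.6.78
[ 4] Anywhere                   ALLOW IN    203.0.113.50
[ 5] 3306/tcp                   ALLOW IN    Anywhere
[ 6] 3306/tcp (v6)              ALLOW IN    Anywhere (v6)
EOF
}

# Reads `ufw status numbered` text on stdin and prints the number of every
# inbound ALLOW rule whose source is Anywhere and whose port is restricted.
# Single-port rules only; port ranges and comma lists are not handled.
find_exposed_rules() {
    # Drop the "(v6)" markers and turn "[ 5] ..." into "5 ..." so awk sees
    # the fields: number, To, Action, Direction, From.
    sed -n -e 's/ (v6)//g' -e 's/^\[ *\([0-9][0-9]*\)] */\1 /p' |
    awk -v ports="$RESTRICTED_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        {
            port = $2; sub(/\/.*/, "", port)   # "3306/tcp" -> "3306"
            if ($3 == "ALLOW" && $4 == "IN" && $NF == "Anywhere" && (port in want))
                print $1
        }'
}

# Audit the live firewall with: ufw status numbered | find_exposed_rules
sample_status | find_exposed_rules
```

Each number printed is a rule to review and, if the exposure is unintended, replace with a rule restricted to a source IP.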
Delete Firewall Rule
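Delete a rule by the number shown in the numbered list (rule 3 in this example). The remaining rules are renumbered after each deletion, so list them again before deleting another one.
ufw delete 3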
✅ Firewall rule has been added successfully!