Prerequisites
Before enabling the firewall, make sure you have:
- Admin access to HestiaCP
- Current SSH session (to avoid lockout)
⚠️ Always allow SSH port BEFORE enabling firewall to avoid locking yourself out!
Method 1: Enable via HestiaCP Web Interface
Step 1: Log in to HestiaCP
https://YOUR_SERVER_IP:8083Step 2: Navigate to SERVER Section
Click on SERVER in the top menu bar.
Step 3: Click Firewall Tab
Click on the Firewall tab.
Step 4: Add SSH Rule First
Click + Add Firewall Rule:
- Action: ACCEPT
- Protocol: TCP
- Port: 22 (or your SSH port)
- IP Address: 0.0.0.0/0 (all)
Step 5: Enable Firewall
Click the Enable Firewall button.
Step 6: Verify
Status changes to Active.
Method 2: Enable via SSH (UFW)
ssh hxroot@YOUR_SERVER_IP -p 22Allow SSH:
ufw allow 22/tcpAllow HestiaCP port:
ufw allow 8083/tcpEnable firewall:
ufw enableCheck status:
ufw status verboseDefault Firewall Rules in HestiaCP
When enabled, HestiaCP typically allows:
| Port | Service |
|---|---|
| 22/TCP | SSH |
| 80/TCP | HTTP |
| 443/TCP | HTTPS |
| 21/TCP | FTP |
| 25/TCP | SMTP |
| 465/TCP | SMTPS |
| 587/TCP | SMTP Submission |
| 993/TCP | IMAPS |
| 995/TCP | POP3S |
| 8083/TCP | HestiaCP |
Check Firewall Status
ufw status✅ Firewall has been enabled successfully!