RunCloud provides an interactive UI that allows you to configure Firewalld and Fail2ban settings directly from the dashboard. To view these settings, open the server settings page and click on “Security“.
Firewalld
You can use RunCloud’s dashboard to set and revoke firewall rules on your server. The default firewall is Firewalld, and the default zone is “runcloud“. It is recommended not to change the default zone as it may cause issues with the settings defined here. The default configuration has all ports to your server closed except for the TCP 22 (SSH), TCP 443 (HTTPS), and TCP 80 (HTTP).
The “Firewall Rules” section displays a table of any existing firewall rules that have been added to the server. The table shows the Type, Protocol, Port, IP Address, and Action for each rule. At the top of the table, there is an option to “Add New Rule“. You can also search for specific firewall rules using the “Search…” field at the top of the page.
To deploy the changes made in the firewall settings, you must click the “Deploy” button. Once you have deployed your firewall, any rules manually added via the command line on your server will be overwritten, so it is recommended to only use RunCloud’s dashboard to manage the rules.
Fail2Ban
RunCloud uses Fail2ban to protect your server from automated attacks. Fail2ban is a tool that monitors log files for suspicious activity, and blocks malicious IP addresses using firewall rules. It can help prevent brute force attacks, spamming, port scanning, and other unauthorized attempts to access your server.
However, if you make too many failed login attempts, your IP address will be blocked as well.
You can view a list of IP addresses that have been banned for attempting to brute force into your server. You can copy the IP address to your clipboard for future reference, or delete it from the banned list.
To allow a banned IP address to connect to your server, you will need to remove it from the list. At the top of the list, you can use the search bar to look up a specific IP address, and then remove an IP address by clicking the “Delete” button next to it.