> ## Documentation Index
> Fetch the complete documentation index at: https://help.onetsolutions.net/llms.txt
> Use this file to discover all available pages before exploring further.

# Firewall Rules

> Configure firewall rules to protect your VPS

The built-in firewall allows you to control inbound and outbound traffic to your VPS through the OnetSolutions control panel.

<Info>
  **Prerequisites**

  * A VPS with OnetSolutions
  * An OnetSolutions account
</Info>

## How the Firewall Works

<Warning>
  When you add your first firewall rule, the firewall becomes active and **blocks all traffic by default**. You must explicitly allow the traffic you want to permit.
</Warning>

Removing all rules will deactivate the firewall entirely.

## Creating Firewall Rules

When adding a new rule, you'll need to specify:

| Field                   | Description                                    |
| ----------------------- | ---------------------------------------------- |
| **Priority**            | Value between 10-100 (lower = higher priority) |
| **Direction**           | INPUT (incoming) or OUTPUT (outgoing)          |
| **Action**              | ACCEPT (allow) or DROP (block)                 |
| **Protocol**            | TCP, UDP, or ICMP                              |
| **Source IP/Port**      | Source address and port range                  |
| **Destination IP/Port** | Destination address and port range             |

## Common Rules

<Accordion title="Allow SSH (Port 22)">
  * Priority: 10
  * Direction: INPUT
  * Action: ACCEPT
  * Protocol: TCP
  * Destination Port: 22
</Accordion>

<Accordion title="Allow HTTP/HTTPS (Ports 80, 443)">
  Create two rules:

  * Priority: 20 / Direction: INPUT / Action: ACCEPT / Protocol: TCP / Destination Port: 80
  * Priority: 21 / Direction: INPUT / Action: ACCEPT / Protocol: TCP / Destination Port: 443
</Accordion>

<Accordion title="Allow Ping (ICMP)">
  * Priority: 30
  * Direction: INPUT
  * Action: ACCEPT
  * Protocol: ICMP
</Accordion>

## Best Practices

<Tip>
  * Always allow SSH access before activating the firewall
  * Use specific IP ranges when possible instead of allowing all IPs
  * Regularly review and update your firewall rules
  * Test new rules carefully to avoid locking yourself out
</Tip>

<Note>
  If you lock yourself out, use the [KVM Console](/vps/kvm-console) to access your server and fix the configuration.
</Note>
