Desktop as a service

Overview

Every VPS — Linux or Windows — should have a firewall.

A proper firewall:

  • Blocks unwanted traffic
  • Protects against automated attacks
  • Keeps services accessible only where needed
  • Reduces security risks dramatically

This guide explains how to configure your firewall on both Linux and Windows Server, using non-copyable commands in plain text.


🟩 1. Firewall on Linux VPS (Ubuntu, Debian, etc.)

Most Linux VPS setups use UFW (Uncomplicated Firewall).

If UFW isn’t installed, we can install it for you, but here’s how to do it:

✔ Enable UFW

Run: “sudo ufw enable”

✔ Allow SSH access

Run: “sudo ufw allow ssh”

SSH uses port 22 by default, which is the port this rule opens.

If your SSH service uses a custom port (we’ll tell you), allow it by running:

“sudo ufw allow the-port-number-here”

✔ Allow a service (example: web server)

To allow HTTP: “sudo ufw allow http”

To allow HTTPS: “sudo ufw allow https”

Or using port numbers:

“sudo ufw allow 80”

“sudo ufw allow 443”

✔ Deny everything else by default

By default, UFW already denies all incoming traffic except what your rules allow. Outgoing traffic is allowed.

✔ Check firewall status

Run: “sudo ufw status”

This shows which ports are open.
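
The steps above as one script, in an order that avoids locking yourself out: the allow rules are added first and “ufw enable” runs last. This is an added example, not the provider's own tooling; the function names, the DRY_RUN switch and the sample ports (2222, 80, 443) are assumptions, and it opens ports as TCP only.

```sh
#!/bin/sh
# Added example: build the UFW commands in a lockout-safe order.
# DRY_RUN=1 (default) only prints them; DRY_RUN=0 runs them with sudo.

valid_port() {
    # Accept only decimal integers in 1..65535.
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

ufw_plan() {
    # $1 = SSH port; remaining args = other TCP ports to open (e.g. 80 443).
    [ "$#" -ge 1 ] || { echo "usage: ufw_plan SSH_PORT [PORT...]" >&2; return 1; }
    for p in "$@"; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    ssh_port="$1"; shift
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    echo "ufw allow ${ssh_port}/tcp"     # SSH first, so you can still log in
    for p in "$@"; do
        echo "ufw allow ${p}/tcp"
    done
    echo "ufw --force enable"            # last: the allow rules already exist
    echo "ufw status verbose"
}

apply_plan() {
    plan="$(ufw_plan "$@")" || return 1
    printf '%s\n' "$plan" | while IFS= read -r cmd; do
        if [ "${DRY_RUN:-1}" = "1" ]; then
            echo "[dry-run] sudo $cmd"
        else
            # Word splitting of $cmd is intended: it holds a validated command.
            sudo $cmd </dev/null || exit 1
        fi
    done
}

# Constructed sample: SSH on 2222 plus HTTP and HTTPS.
apply_plan 2222 80 443
```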

✔ Reset the firewall (only if needed)

Run: “sudo ufw reset”

This disables UFW and removes all rules you have added.


🟦 2. Advanced Linux Firewall (iptables or nftables)

Advanced users may prefer iptables or nftables.

✔ View rules

Run: “sudo iptables -L”

✔ Allow a port

Run: “sudo iptables -A INPUT -p tcp --dport your-port-number -j ACCEPT”

✔ Block everything else

Run: “sudo iptables -P INPUT DROP”

✔ Save rules

Depending on the distro:

  • Debian/Ubuntu: “sudo netfilter-persistent save”
  • RedHat-based: “sudo service iptables save”
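
A complete IPv4 ruleset for the steps above in iptables-restore format, as an added example (not the provider's ruleset). Besides the port rules it accepts loopback traffic and replies to connections the server itself opened, which a bare DROP policy would otherwise discard; the function name and the sample ports are assumptions.

```sh
#!/bin/sh
# Added example: print an IPv4 filter table for iptables-restore, which
# loads the whole table in one commit, so the DROP policy and the ACCEPT
# rules take effect together. IPv6 needs its own rules via ip6tables.

gen_rules() {
    # Args: TCP ports to accept, SSH port included. Only 1..65535 is accepted.
    [ "$#" -ge 1 ] || { echo "refusing: no ports given" >&2; return 1; }
    for p in "$@"; do
        case "$p" in
            ''|*[!0-9]*) echo "invalid port: $p" >&2; return 1 ;;
        esac
        [ "${#p}" -le 5 ] && [ "$p" -ge 1 ] && [ "$p" -le 65535 ] ||
            { echo "invalid port: $p" >&2; return 1; }
    done
    echo "*filter"
    echo ":INPUT DROP [0:0]"                 # same as: iptables -P INPUT DROP
    echo ":FORWARD ACCEPT [0:0]"             # left at its default
    echo ":OUTPUT ACCEPT [0:0]"              # left at its default
    echo "-A INPUT -i lo -j ACCEPT"          # local services talk over loopback
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for p in "$@"; do
        echo "-A INPUT -p tcp --dport $p -j ACCEPT"
    done
    echo "COMMIT"
}

# Constructed sample: SSH on 2222 plus HTTP and HTTPS. Dry-run check:
#   gen_rules 2222 80 443 | sudo iptables-restore --test
gen_rules 2222 80 443
```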

We can also configure rate limiting, anti-DDoS filters, or fail2ban upon request.


🟧 3. Hardening SSH (Extremely Important)

You should protect SSH immediately after setup.

✔ Change SSH port

Edit the SSH configuration file:

“sudo nano /etc/ssh/sshd_config”

Find the line that says “Port 22” and change it to your chosen port (we recommend something above 2000).

Then restart SSH:

“sudo systemctl restart sshd”

✔ Disable root login

In the same file, find: “PermitRootLogin yes”

Change it to: “PermitRootLogin no”

✔ Use SSH keys

Add your public key to: “~/.ssh/authorized_keys”

SSH keys are far safer than passwords.
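
A check for the two settings edited above, as an added example that is not the provider's tooling. It reports the values sshd will actually use, which matters because sshd keeps the first value it reads for a keyword, so a “PermitRootLogin no” appended below an existing “PermitRootLogin yes” has no effect. The function names and the sample file are assumptions.

```sh
#!/bin/sh
# Added example: report the effective Port and PermitRootLogin of an
# sshd_config-style file. sshd keeps the FIRST value it reads for a keyword
# (Port may repeat), and keywords are case-insensitive.
# Assumptions: Include files are not followed; parsing stops at the first Match.

sshd_effective() {
    # $1 = config file, $2 = keyword. Prints the value(s); nothing if unset.
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        NF == 0 || $1 ~ /^#/ { next }            # blank lines and comments
        { key = tolower($1) }
        key == "match" { exit }                  # conditional blocks: skipped
        key == want && want == "port" { print $2; next }   # every Port counts
        key == want { print $2; exit }           # otherwise first one wins
    ' "$1"
}

audit_sshd() {
    # Prints findings for file $1; returns 1 if something needs attention.
    rc=0
    ports="$(sshd_effective "$1" Port | tr '\n' ' ' | sed 's/ $//')"
    [ -n "$ports" ] || ports=22                  # OpenSSH default
    root="$(sshd_effective "$1" PermitRootLogin | tr 'A-Z' 'a-z')"
    [ -n "$root" ] || root=prohibit-password     # OpenSSH default since 7.0
    echo "Port: $ports"
    case " $ports " in
        *" 22 "*) echo "WARN: still listening on port 22"; rc=1 ;;
    esac
    if [ "$root" = "no" ]; then
        echo "OK: PermitRootLogin no"
    else
        echo "WARN: PermitRootLogin is '$root', expected 'no'"; rc=1
    fi
    return "$rc"
}

# Constructed sample: "no" was appended at the bottom, but "yes" comes first.
sample="$(mktemp)"
cat > "$sample" <<'EOF'
Port 2222
PermitRootLogin yes
#PermitRootLogin no
permitrootlogin no
EOF
audit_sshd "$sample" || echo "-> needs attention"
rm -f "$sample"
```

Run it against a copy of /etc/ssh/sshd_config before restarting SSH, and keep your current session open until a new login on the new port works.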


🟨 4. Firewall on Windows Server (Windows Defender Firewall)

Windows Server includes a built-in firewall that works extremely well.

✔ Opening RDP (Remote Desktop)

This is usually open by default.

If not:

  1. Open “Windows Defender Firewall with Advanced Security”
  2. Click “Inbound Rules”
  3. Enable “Remote Desktop (TCP 3389)”

✔ Allowing a specific port

If your application needs a port open (example: 8080):

  1. Open “Windows Defender Firewall with Advanced Security”
  2. Click “Inbound Rules”
  3. Click “New Rule”
  4. Choose “Port”
  5. Select “TCP”
  6. Enter the port number
  7. Allow the connection
  8. Choose the appropriate profiles (Domain, Private, Public)
  9. Name the rule

Example name: “MyApp 8080 Allow”

✔ Blocking a port

Follow the same steps as above, but choose “Block the connection”.

✔ Allowing an application

  1. In “Firewall & Network Protection”
  2. Choose “Allow an app through firewall”
  3. Add your .exe file
  4. Allow private and public access if needed

🟪 5. Recommended Firewall Rules (Linux & Windows)

✔ Allow only what you use

  • SSH (Linux)
  • RDP (Windows Server)
  • HTTP/HTTPS if hosting web apps
  • Database ports only if they’re internal (never expose publicly!)
  • Custom application ports

✔ Block everything else

This prevents bots, scanners, and automated attacks.

✔ If using multiple cloud desktops

Use internal private IPs only.

Do NOT expose desktops publicly.

✔ If using databases

Do NOT open SQL ports to the world.

Use private IP only or VPN-only access.


🟥 6. Advanced Security (We Can Configure for You)

We offer optional hardening:

  • Fail2ban (brute-force protection)
  • Dynamic firewall rules based on threats
  • Rate limiting
  • Geo-blocking countries
  • Server-to-server private encryption
  • Allowing access only through your VPN
  • Whitelist-only access

Just ask — we can configure everything for you.


🟫 7. Troubleshooting

❌ “SSH connection refused”

  • Firewall blocking port
  • Wrong SSH port
  • SSH service down
  • VPN not connected (if using private IP mode)

❌ “RDP cannot connect”

  • RDP port blocked
  • Wrong IP
  • Windows Firewall rule missing
  • VPN required
  • Desktop booting slowly

❌ “Website not loading”

  • HTTP/HTTPS ports blocked
  • Web server not running
  • Wrong firewall rule order

❌ “My app can’t reach the database”

  • DB port blocked
  • DB allowed only on localhost
  • Wrong bind address

We can diagnose and fix these instantly.


✔ Summary

To secure your VPS:

Linux

  • Enable UFW
  • Allow SSH and app ports
  • Block everything else
  • Harden SSH
  • Use SSH keys
  • Optionally add fail2ban

Windows Server

  • Manage ports in Windows Defender Firewall
  • Open only the ports your app needs
  • Never expose databases publicly

Your VPS becomes far safer with just a few rules.