How to setup Firewall on Hiddify panel - Xen-neX/Hiddify-Manager GitHub Wiki

flag_of_Iran  فارسی          

How to setup Firewall on Hiddify panel

What is a firewall?

Firewall refers to software or hardware that prevent access to computers or servers and control the traffic exchanged in the network. A firewall is actually a security tool that can be a software program or a dedicated network device. Here we are dealing with software firewall on Linux servers.

How Firewall works

The firewall of Linux servers can be managed in several ways, one of these methods is using a tool called IP Tables.

In this tool, a series of rules can be defined, by using which information packets are allowed to pass through different protocols.

Automatic firewall settings through the panel

By default, Hiddify turns on and controls the system firewall. For example, if you change the TLS or HTTP protocols in the Settings, the panel will automatically create the necessary rules for them. Even if you change the SSH port, the panel detects the new port and automatically changes the firewall settings according to your needs.

The settings related to the firewall panel can be accessed from the Settings section, in the General Settings section.

Firewall settings

Very important advice: Do not turn off the firewall panel. Turning off the firewall compromises your security.

Manual configuration of server firewall

  • If you need to open the port manually, SSH to your server first. If you don't know how to SSH, see this tutorial.

  • After SSH connection, you enter the Hiddify menu. Here, exit this menu by pressing Cancel or ctrl+c to enter the terminal. If the menu is still displayed after this, type the word clear and enter.

  • Use the following command in the terminal.

iptables -A INPUT -p tcp --destination-port PORT -j ACCEPT
  • Just replace the desired port with PORT in the above command. Suppose you want to open port 1234. Just change the above command like this and enter it in the terminal.
iptables -A INPUT -p tcp --destination-port 1234 -j ACCEPT
  • Or if you want to provide access to ping or ICMP packets; Just run the following command.
iptables -A INPUT -p ICMP -j ACCEPT
  • The work is done.
⚠️ **GitHub.com Fallback** ⚠️