How to Create Rules on Physgun Firewall

One of the biggest issues in the server hosting industry is network security. Most hosting services either leave too many ports open, making you vulnerable to attacks, or keep their ports far too restricted, leaving little room for client configuration. With Physgun’s firewall, you have full control over your server’s ports and security so you can keep your server safe while having plenty of room to adjust your settings.

The most common thing you’ll find yourself doing with the firewall is creating rules. Rules are what allow you to whitelist, block, or rate-limit traffic to your server’s IP address. In this guide, you’ll learn how to:

• Create New Rules
• Use the Whitelist Helper
• Properly use TPC, UDP, and ICMP protocols

Navigating the Firewall Portal

Assuming you have a deployed VPS, Dedicated Server, or Colocation service, you can access your firewall portal at https://portal.physgun.com. Just sign in using your billing portal login information.

Once you’re in the portal, you’ll be on the Dashboard page. At the very top of your portal, you’ll see a navigation bar. You can access filters, attack logs, and assign presets from here, but the one we’ll be looking at in this guide is the Rules tab. This is where you can open, close, or rate limit connections so your server is open to the public in places it needs to be, and blocked off where it’s vulnerable to DDoS attacks.

Creating New Rules

In the Rules tab, you’ll be met with an empty list. It’s time to change that. Click the Create Rule button in the top right corner. If at first all of this seems overwhelming, that’s ok. We’re going to break it down here:

1. Start by clicking the IP Address box. You should be given a list of server IP addresses that you have access to. Select the address you want to use.
   • If you don’t see the right address, manually type it in. If that doesn’t work, feel free to make a ticket.
2. Next, assign a name. By default, the name will just display the information as the name, but you can set it to whatever you’d like.
3. Below the name, you should see Source IP, Source ASN, and Source Country. This is the specific address, system number, or location that your rule will be targeting. For example, if you are setting this rule to block incoming traffic, you’ll be blocking whatever is defined in the source. Leaving the Source IP as 0.0.0.0/0 without defining a location will target all IP addresses. You can define specific IP addresses in the Source IP box. If you don’t know what to put into Source ASN, you probably don’t need to put anything there in the first place. If you specifically want to target IPs from a certain location, just select a source country.
4. Next, you’ll need to choose which protocol you want to use. This will either be TCP, UDP, ICMP, or All. Each of these serves a different function depending on the service you’re hosting (more on that in the next section). Below are the general uses for each protocol:
   • TCP - TCP is usually used for websites, file downloads, emails, and file transfers.
   • UDP - UDP is usually used for games, voice and video calls, and live streaming.
   • ICMP - ICMP is usually used for troubleshooting and debugging. It allows you to check latency, test connections, traceroute, and MTR.
   • All (Port Punch) - Port Punching is used when you want to whitelist or deny all traffic from a specific IP, ASN, or country, rather than using a single port or protocol. By default, an “All (Port Punch)” deny rule is applied to your server that cannot be removed. This is to minimize the potential attack surface on your IP and to ensure that only the required ports and protocols are accessible to the outside world.

If you’re having any trouble understanding protocols and where to use them, feel free to open up a support ticket. We would be more than happy to help! You should also consider looking at game or application-specific documentation. You can get some answers there too without having to wait for somebody to answer you.

Creating Rules Through Game Filters

Without going into too much detail with filters (that’s a different guide), you can use preset filters to automatically assign rules that match the game you want to host. To create a rule using game filters:

1. In the top navbar, click the Filters tab.
2. Click on Game Presets.
3. Enter your service’s IP address.
4. Select your game from the drop-down menu.
5. Each game filter has different information for you to fill out. If you’re not sure what to do, check for messages below each option. You’ll see default values or suggested arguments on most of them.
6. Make sure the Create Firewall Rules option is checked. This is what will create your rules.
7. Click Create Preset.

Using the Whitelist Helper

There’s one last thing for us to cover, and that’s the Whitelist Helper. This allows you to quickly set up whitelist rules for BattleMetrics, Tebex, Cloudflare, or other third-party addresses. To set up a rule using the Whitelist Helper:

1. Open the Whitelist Helper next to the Create Rule button.
2. Input or select your server’s IP address.
3. If you’re trying to connect BattleMetrics, Tebex, or Cloudflare, just select the box and click Whitelist.
4. If you want to connect to a different service, input the IP address manually. You can input multiple if you separate each one with a comma.

Conclusion

The Physgun Firewall gives you complete control over how traffic reaches your server, allowing you to strike the right balance between security and flexibility. Whether you’re creating custom rules, applying game-specific presets, or quickly whitelisting trusted services through the Whitelist Helper, understanding how firewall rules work is an important part of managing any VPS, dedicated server, or colocation service. By taking the time to properly configure your firewall, you can reduce unwanted traffic, improve security, and ensure that the services you want to run remain accessible to the people who need them.