Site protection: firewall settings

10.04.2025, 20:26

To prevent attacks that bypass the protection by connecting to the server's IP address directly, it is highly recommended to set up a firewall on the server that restricts access to ports 80/tcp and 443/tcp to the networks listed below.

These are the networks that need to be added to the firewall whitelist:

77.220.207.0/24
45.10.240.0/24
45.10.241.0/24
45.10.242.0/24
186.2.160.0/24
186.2.164.0/24
186.2.167.0/24
186.2.168.0/24
185.178.209.197/32
190.115.30.44/32

Below are examples of settings for popular firewalls.

Please note that these are sample commands, not a ready-made set of settings for your server — use them only after making sure that they will not break the project.

Example of iptables settings

The ACCEPT rules are inserted at the top of the INPUT chain and the DROP rules appended at the end, so any rule already in the chain that accepts 80/tcp or 443/tcp would take effect before the DROP. These rules are also lost on reboot unless they are saved (for example with iptables-save).

iptables -I INPUT -s 77.220.207.0/24 -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -s 77.220.207.0/24 -p tcp --dport 443 -j ACCEPT
iptables -I INPUT -s 45.10.240.0/24 -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -s 45.10.240.0/24 -p tcp --dport 443 -j ACCEPT
iptables -I INPUT -s 45.10.241.0/24 -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -s 45.10.241.0/24 -p tcp --dport 443 -j ACCEPT
iptables -I INPUT -s 45.10.242.0/24 -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -s 45.10.242.0/24 -p tcp --dport 443 -j ACCEPT
iptables -I INPUT -s 186.2.160.0/24 -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -s 186.2.160.0/24 -p tcp --dport 443 -j ACCEPT
iptables -I INPUT -s 186.2.164.0/24 -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -s 186.2.164.0/24 -p tcp --dport 443 -j ACCEPT
iptables -I INPUT -s 186.2.167.0/24 -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -s 186.2.167.0/24 -p tcp --dport 443 -j ACCEPT
iptables -I INPUT -s 186.2.168.0/24 -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -s 186.2.168.0/24 -p tcp --dport 443 -j ACCEPT
iptables -I INPUT -s 185.178.209.197 -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -s 185.178.209.197 -p tcp --dport 443 -j ACCEPT
iptables -I INPUT -s 190.115.30.44 -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -s 190.115.30.44 -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

Example of UFW settings

sudo ufw allow from 77.220.207.0/24 to any port 80 proto tcp
sudo ufw allow from 77.220.207.0/24 to any port 443 proto tcp
sudo ufw allow from 45.10.240.0/24 to any port 80 proto tcp
sudo ufw allow from 45.10.240.0/24 to any port 443 proto tcp
sudo ufw allow from 45.10.241.0/24 to any port 80 proto tcp
sudo ufw allow from 45.10.241.0/24 to any port 443 proto tcp
sudo ufw allow from 45.10.242.0/24 to any port 80 proto tcp
sudo ufw allow from 45.10.242.0/24 to any port 443 proto tcp
sudo ufw allow from 186.2.160.0/24 to any port 80 proto tcp
sudo ufw allow from 186.2.160.0/24 to any port 443 proto tcp
sudo ufw allow from 186.2.164.0/24 to any port 80 proto tcp
sudo ufw allow from 186.2.164.0/24 to any port 443 proto tcp
sudo ufw allow from 186.2.167.0/24 to any port 80 proto tcp
sudo ufw allow from 186.2.167.0/24 to any port 443 proto tcp
sudo ufw allow from 186.2.168.0/24 to any port 80 proto tcp
sudo ufw allow from 186.2.168.0/24 to any port 443 proto tcp
sudo ufw allow from 185.178.209.197 to any port 80 proto tcp
sudo ufw allow from 185.178.209.197 to any port 443 proto tcp
sudo ufw allow from 190.115.30.44 to any port 80 proto tcp
sudo ufw allow from 190.115.30.44 to any port 443 proto tcp
sudo ufw deny 80 proto tcp
sudo ufw deny 443 proto tcp

Example of nftables settings

These rules will work until reboot.

nft add table ip ddg_filter
nft add chain ip ddg_filter input '{ type filter hook input priority 0; policy accept; }'
nft add rule ip ddg_filter input ip saddr 77.220.207.0/24 tcp dport {80, 443} accept
nft add rule ip ddg_filter input ip saddr 45.10.240.0/24 tcp dport {80, 443} accept
nft add rule ip ddg_filter input ip saddr 45.10.241.0/24 tcp dport {80, 443} accept
nft add rule ip ddg_filter input ip saddr 45.10.242.0/24 tcp dport {80, 443} accept
nft add rule ip ddg_filter input ip saddr 186.2.160.0/24 tcp dport {80, 443} accept
nft add rule ip ddg_filter input ip saddr 186.2.164.0/24 tcp dport {80, 443} accept
nft add rule ip ddg_filter input ip saddr 186.2.167.0/24 tcp dport {80, 443} accept
nft add rule ip ddg_filter input ip saddr 186.2.168.0/24 tcp dport {80, 443} accept
nft add rule ip ddg_filter input ip saddr 185.178.209.197 tcp dport {80, 443} accept
nft add rule ip ddg_filter input ip saddr 190.115.30.44 tcp dport {80, 443} accept
nft add rule ip ddg_filter input tcp dport {80, 443} drop

These rules persist across reboots if you add the following to /etc/nftables.conf:

table ip ddg_filter {
        chain input {
                type filter hook input priority filter; policy accept;
                ip saddr 77.220.207.0/24 tcp dport { 80, 443 } accept
                ip saddr 45.10.240.0/24 tcp dport { 80, 443 } accept
                ip saddr 45.10.241.0/24 tcp dport { 80, 443 } accept
                ip saddr 45.10.242.0/24 tcp dport { 80, 443 } accept
                ip saddr 186.2.160.0/24 tcp dport { 80, 443 } accept
                ip saddr 186.2.164.0/24 tcp dport { 80, 443 } accept
                ip saddr 186.2.167.0/24 tcp dport { 80, 443 } accept
                ip saddr 186.2.168.0/24 tcp dport { 80, 443 } accept
                ip saddr 185.178.209.197 tcp dport { 80, 443 } accept
                ip saddr 190.115.30.44 tcp dport { 80, 443 } accept
                tcp dport { 80, 443 } drop
        }
}

Example of firewalld settings

Traffic from the whitelisted sources is handled by the ddg zone; everything else stays in the default zone, so make sure that zone does not also open 80/tcp and 443/tcp, otherwise the whitelist has no effect.

firewall-cmd --permanent --new-zone=ddg
firewall-cmd --permanent --zone=ddg --add-port=80/tcp
firewall-cmd --permanent --zone=ddg --add-port=443/tcp
firewall-cmd --permanent --zone=ddg --add-source=77.220.207.0/24
firewall-cmd --permanent --zone=ddg --add-source=45.10.240.0/24
firewall-cmd --permanent --zone=ddg --add-source=45.10.241.0/24
firewall-cmd --permanent --zone=ddg --add-source=45.10.242.0/24
firewall-cmd --permanent --zone=ddg --add-source=186.2.160.0/24
firewall-cmd --permanent --zone=ddg --add-source=186.2.164.0/24
firewall-cmd --permanent --zone=ddg --add-source=186.2.167.0/24
firewall-cmd --permanent --zone=ddg --add-source=186.2.168.0/24
firewall-cmd --permanent --zone=ddg --add-source=185.178.209.197/32
firewall-cmd --permanent --zone=ddg --add-source=190.115.30.44/32
firewall-cmd --reload
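All of the examples above repeat one rule per network, and when a list of ten entries is copied by hand it is easy for one to be dropped, which silently leaves part of the protection service's traffic blocked. The script below is an added example and is not part of the DDoS-Guard instruction: it generates an nftables ruleset from the whitelist using a named set (one rule for the whole list, so a later change means editing the set rather than the rules), and it checks a ruleset dump or zone source list for whitelist networks that are missing. The function names and the sample zone source list are constructed for this example; the network list itself is the one published above.

```shell
#!/bin/sh
# Added example, not part of the DDoS-Guard instruction.
# Generates an nftables ruleset from the whitelist and checks a firewall
# dump for networks that are missing from it.

# The whitelist as published in the instruction, one network per line.
DDG_NETWORKS="77.220.207.0/24
45.10.240.0/24
45.10.241.0/24
45.10.242.0/24
186.2.160.0/24
186.2.164.0/24
186.2.167.0/24
186.2.168.0/24
185.178.209.197/32
190.115.30.44/32"

# Constructed sample: the output of `firewall-cmd --zone=ddg --list-sources`
# for a zone that was filled from a shortened copy of the list (the two
# /32 hosts were left out). Used here only to demonstrate the check.
SAMPLE_ZONE_SOURCES="186.2.160.0/24 77.220.207.0/24 45.10.240.0/24 45.10.241.0/24 186.2.167.0/24 186.2.168.0/24 45.10.242.0/24 186.2.164.0/24"

# Print an nftables ruleset (suitable for /etc/nftables.conf) that keeps the
# whitelist in a named interval set and uses a single accept rule for it.
gen_nft_ruleset() {
    elems=$(printf '%s, ' $DDG_NETWORKS)   # "a, b, c, " from the list
    elems=${elems%, }                       # strip the trailing separator
    printf 'table ip ddg_filter {\n'
    printf '\tset allowed {\n'
    printf '\t\ttype ipv4_addr\n'
    printf '\t\tflags interval\n'
    printf '\t\telements = { %s }\n' "$elems"
    printf '\t}\n'
    printf '\tchain input {\n'
    printf '\t\ttype filter hook input priority filter; policy accept;\n'
    printf '\t\tip saddr @allowed tcp dport { 80, 443 } accept\n'
    printf '\t\ttcp dport { 80, 443 } drop\n'
    printf '\t}\n'
    printf '}\n'
}

# Read a firewall dump on stdin (output of `nft list ruleset`, `iptables -S`
# or `firewall-cmd --zone=ddg --list-sources`) and print every whitelist
# network that does not appear in it. Returns 1 if anything is missing.
find_missing_networks() {
    dump=$(cat)
    missing=0
    for net in $DDG_NETWORKS; do
        host=${net%/32}   # dumps often show single hosts without the /32 mask
        if ! printf '%s\n' "$dump" | grep -qF -e "$net" -e "$host"; then
            echo "$net"
            missing=1
        fi
    done
    return $missing
}

# Usage: `sh check.sh gen > /etc/nftables.conf` to print the ruleset,
# or `nft list ruleset | sh check.sh check` to report missing networks.
case "${1:-}" in
    gen)   gen_nft_ruleset ;;
    check) find_missing_networks ;;
esac
```

Run the check after applying whichever example you chose; it exits non-zero and lists the gaps if a network was skipped, which is the condition that would otherwise only show up as the protection service intermittently failing to reach the origin.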

To see the real IP addresses of site visitors behind the protection, read our instruction "Site protection: restore original visitor IPs".