When you run a server, you should have at least some security measures enabled. One of them could be a firewall. Hetzner provides a firewall on the switch in front of your dedicated server, so you can filter out some unwanted traffic before it even hits the server.

Since I run a web, DNS, mail and SSH server on my server hardware, we'll create some rules:

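| # | Name | Source IP | Destination IP | Source port | Destination port | Protocol | TCP flags | Action |
|---|------|-----------|----------------|-------------|------------------|----------|-----------|--------|
| #1 | SSH | | | | 22 | tcp | | accept |
| #2 | DNS TCP | | | | 53 | tcp | | accept |
| #3 | DNS UDP | | | | 53 | udp | | accept |
| #4 | HTTP | | | | 80 | tcp | | accept |
| #5 | HTTPS | | | | 443 | tcp | | accept |
| #6 | SMTP | | | | 25 | tcp | | accept |
| #7 | SMTP TLS | | | | 587 | tcp | | accept |
| #8 | IMAP TLS | | | | 993 | tcp | | accept |
| #9 | POP3 TLS | | | | 995 | tcp | | accept |
| #10 | Out | | | | 32768-65535 | tcp | ack | accept |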

Please make sure that you can access your server via SSH before applying these rules!

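The last rule is important when you need to access the internet from your server, for example to update it: it lets the replies to connections the server opens (TCP packets with the ACK flag set, addressed to a high port) back in.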

Since the firewall's default rule is deny, we only need to allow legitimate traffic. When you are completely sure you can still access the server after applying the rules, you can enable the firewall in the web interface. It takes about 30 seconds for the rules to be applied.
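
To see what this rule set does with individual incoming packets, here is a small model of it. This is an added example, not Hetzner's code or part of the original post; the names `Rule` and `evaluate` are hypothetical and the sample packets are constructed. It assumes that the first matching rule wins and that a TCP flag listed in a rule must be set on the packet.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    proto: str
    dst_ports: range
    flags: frozenset = frozenset()  # TCP flags that must be set; empty = any

def port(lo, hi=None):
    return range(lo, (hi or lo) + 1)

# The ten rules from the table, in order.
RULES = [
    Rule("SSH", "tcp", port(22)),
    Rule("DNS TCP", "tcp", port(53)),
    Rule("DNS UDP", "udp", port(53)),
    Rule("HTTP", "tcp", port(80)),
    Rule("HTTPS", "tcp", port(443)),
    Rule("SMTP", "tcp", port(25)),
    Rule("SMTP TLS", "tcp", port(587)),
    Rule("IMAP TLS", "tcp", port(993)),
    Rule("POP3 TLS", "tcp", port(995)),
    Rule("Out", "tcp", port(32768, 65535), frozenset({"ack"})),
]

def evaluate(proto, dst_port, flags=()):
    """First matching rule wins; anything unmatched hits the default deny."""
    for rule in RULES:
        if (rule.proto == proto and dst_port in rule.dst_ports
                and rule.flags <= set(flags)):
            return "accept", rule.name
    return "deny", "default"

# Constructed incoming packets: (description, protocol, destination port, TCP flags)
SAMPLES = [
    ("new SSH connection", "tcp", 22, {"syn"}),
    ("reply to an outgoing HTTPS request", "tcp", 45000, {"ack"}),
    ("SYN-ACK answering an outgoing connect", "tcp", 45000, {"syn", "ack"}),
    ("new connection to a high port", "tcp", 45000, {"syn"}),
    ("UDP answer to an outgoing lookup", "udp", 45000, ()),
    ("database port, not in the table", "tcp", 3306, {"syn"}),
]

if __name__ == "__main__":
    for text, proto, dport, flags in SAMPLES:
        action, rule = evaluate(proto, dport, flags)
        print(f"{action:6} {rule:8} {proto}/{dport:<5} {text}")
```

Under this model the UDP answer to a lookup made from the server is denied, because the only rule covering high ports is TCP with the ACK flag.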

Unfortunately, Hetzner doesn't support more than 10 rules, which you'll use up pretty fast, so keep that in mind when creating rules.