Which ports does VPSDime block?
We do not block arbitrary ports. Inbound traffic to your VPS is allowed by default on every port, with one exception: a small, curated set of application ports that are commonly exposed by accident and are the most frequent entry point for malware and compromise. Those ports are blocked at our network edge unless you explicitly whitelist the sources that should reach them.
Everything else - including SSH (22), HTTP (80), HTTPS (443), custom application ports, game servers, VPN ports, etc. - is not filtered by us.
Blocked application ports
The following ports are blocked by default. Use the firewall page in your client area to whitelist the IPs or subnets that should be allowed to reach them.
| Application | Ports |
|---|---|
| MongoDB | tcp/27017, tcp/27018, tcp/27019 |
| MSSQL | tcp/1433 |
| PostgreSQL | tcp/5432, tcp/5433, tcp/5434, tcp/5435 |
| Redis | tcp/6379 |
| Elasticsearch | tcp/9200, tcp/9300 |
| Apache Solr | tcp/8983 |
| Memcached | tcp/11211, udp/11211 |
| RabbitMQ | tcp/5672, tcp/15672, tcp/25672 |
| ZooKeeper | tcp/2181, tcp/2888, tcp/3888 |
| Docker API (plain HTTP) | tcp/2375 |
| Selenium Grid | tcp/4442, tcp/4443, tcp/4444 |
| Ollama | tcp/11434 |
| Erlang Port Mapper (epmd) | tcp/4369 |
This list may be updated over time as new high-risk services become common. Any additions will be announced in advance.
Turning the firewall on or off
The firewall can be enabled or disabled per VPS from the firewall page in your client area, using the Turn on Firewall Protection / Turn off Firewall Protection buttons.
- Enabled (default): traffic to the listed application ports is blocked unless the source is in your Per-Application or Global Whitelist for that VPS.
- Disabled: the firewall is fully off for that VPS. Every port listed above becomes reachable from the public internet, subject only to whatever your VPS itself is doing (its own iptables/nftables/ufw, bind address, authentication, etc.).
Switching the firewall off does not delete your whitelists; they are kept and become active again the moment you re-enable it.
Leaving the firewall off is a deliberate choice and the security of the exposed services becomes entirely your responsibility. Only turn it off if you know the services are properly secured or if they need to be reachable from the public internet without an IP restriction (for example, a database that your application servers connect to from addresses you cannot predict in advance).
How to allow access
Open the firewall section on your VPS management page in the client area. You have two tools:
- Per-Application Whitelist - for each blocked application, enter the IPs or subnets that should be allowed to reach it. Nothing else will get through to that port.
- Global Whitelist - enter IPs or subnets that should be trusted across all blocked apps on this VPS. Use this when you want a single source (your office, a monitoring server, another VPS of yours) to bypass every per-app block.
Your own VPSs in our fleet can already reach each other without restriction - inter-VPS IPs are whitelisted automatically. You do not need to add your other VPSs here.
Accepted formats (one entry per line):
- Single IPv4: 203.0.113.5
- IPv4 subnet: 203.0.113.0/24 (up to /16)
- Single IPv6: 2001:db8::1
- IPv6 subnet: 2001:db8::/64 (up to /48)
Limits: max 10 entries per list. Catch-all (0.0.0.0/0, ::/0) is not allowed. Changes apply immediately after saving - no restart needed.
Checking what is listening on your VPS
If something on your VPS looks unreachable, first verify that the service is actually listening on the port. Run:
ss -tulnp | grep :<port>
or, on older systems:
netstat -anp | grep :<port>
You should see a LISTEN line for the port you expect. If nothing is listening, no firewall change will make it reachable - start the service first. If something is listening but still unreachable, check:
- The service is bound to a public interface, not 127.0.0.1 only (intentional loopback binds are safe and will never be reachable from the internet).
- Your own firewall inside the VPS (iptables / nftables / ufw / firewalld) is not blocking it.
- If the port is on the list above, the relevant whitelist in your client area includes the IP you are connecting from.
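To audit every port from the table in one pass instead of grepping one at a time, the following added example (not VPSDime's own tooling) reads `ss -tuln` output and prints each listener on a listed port that is bound to a non-loopback address. The names `audit_listeners` and `sample_ss` are hypothetical, and the sample output is constructed so the script runs offline.

```shell
#!/bin/sh
# Added example (not VPSDime tooling): flag listeners on the ports from the
# blocked-ports table that are bound to a non-loopback address.
# Live use: ss -tuln | audit_listeners

# Copied from the "Blocked application ports" table above, as proto/port.
BLOCKED="tcp/27017 tcp/27018 tcp/27019 tcp/1433 tcp/5432 tcp/5433 tcp/5434"
BLOCKED="$BLOCKED tcp/5435 tcp/6379 tcp/9200 tcp/9300 tcp/8983 tcp/11211"
BLOCKED="$BLOCKED udp/11211 tcp/5672 tcp/15672 tcp/25672 tcp/2181 tcp/2888"
BLOCKED="$BLOCKED tcp/3888 tcp/2375 tcp/4442 tcp/4443 tcp/4444 tcp/11434 tcp/4369"

audit_listeners() {
    awk -v blocked="$BLOCKED" '
    BEGIN { n = split(blocked, b, " "); for (i = 1; i <= n; i++) want[b[i]] = 1 }
    $1 == "tcp" || $1 == "udp" {          # skips the header line if present
        la = $5                            # Local Address:Port column
        port = la; sub(/.*:/, "", port)    # text after the last colon
        addr = substr(la, 1, length(la) - length(port) - 1)
        sub(/%.*/, "", addr)               # drop a %interface scope suffix
        key = $1 "/" port
        if (!(key in want)) next           # not a port from the table
        # Loopback binds are not reachable from outside the VPS.
        if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /^\[::ffff:127\./) next
        print key " " addr
    }'
}

# Constructed sample of `ss -tuln` output (not from a real host).
sample_ss() {
cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
tcp   LISTEN 0      511          0.0.0.0:6379       0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:5432       0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:11211      0.0.0.0:*
tcp   LISTEN 0      4096            [::]:9200          [::]:*
tcp   LISTEN 0      128                *:2375             *:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128            [::1]:6379          [::]:*
EOF
}

sample_ss | audit_listeners
```

Each printed line is a service that would be reachable from the public internet if the firewall were turned off or the source were whitelisted, so it should either be rebound to loopback or confirmed to require authentication.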
Security recommendations
Our firewall is a safety net, not a replacement for good practice on the VPS itself:
- Bind services to 127.0.0.1 (or a private/VPN interface) whenever the service does not need to be reachable from the public internet.
- Use strong, unique credentials, and disable default accounts.
- Keep a local firewall configured on the VPS as a second layer.
- Change SSH from the default port 22 to reduce automated brute-force noise.