How to Optimize Server Security and Resilience

Maintaining a high-performance firewall requires periodic auditing and hardening. Follow this manual to ensure your node remains bulletproof.

Step 1: Monitoring Security Heartbeat

The Security Pulse on the Firewall dashboard shows the real-time status of the system protection layers. Ensure that the Firewall Engine is ONLINE.

Step 2: Rule Optimization

Over time, redundant rules can slow down network throughput. Periodically audit your rules list:

  • Remove temporary ALLOW rules after maintenance is complete.
  • Consolidate individual IP blocks into CIDR ranges where possible.
  • Use the "Re-sync Rules" button to force a clean reload of the firewall configuration.
[IMAGE_PLACE_HOLDER: Hardening View - Screenshot of the security status overview and re-sync button.]

Step 3: Advanced DDoS Mitigation

While the BoostonCP Firewall handles application-level filtering, for high-volume DDoS attacks, we recommend:

  1. Enabling Cloudflare Proxy for your websites.
  2. Restricting Port 80/443 access ONLY to Cloudflare IP ranges using our built-in "Cloudflare Sync" tool.
ADMIN STRATEGY: Change your SSH Port (Default 22) to a custom high port (e.g., 2299) to stop 99% of automated brute-force attempts. This can be done via the Settings module.