Netcup Coupons Netcup.coupons
Blog

Out new: Firewall for netcup vServer – additional security layer at no extra cost

A new functionality is now available for all netcup vServers from Generation 12 onwards (VPS x86, VPS ARM, Root server, vGPU server) in the Server Control Panel (SCP).

The firewall allows you to control the incoming and outgoing traffic of your servers in a targeted manner. This gives you additional protection at network level to block unwanted traffic from your servers at netcup and enables you to gain full control over accessible services.

Use of the firewall is free of charge and is available immediately for all new and existing vServer products at netcup.

What does the new firewall offer?

The stateful firewall allows you to granularly control the incoming and outgoing network traffic of your vServer. You can define your own rules both via the SCP and via the API to specifically allow or block certain protocols, ports or IP ranges. This ensures that only desired connections are allowed and that internal services are not unintentionally accessible to the public.

Key benefits:

  • Additional layer of security at no extra cost
  • Rule-based control over incoming and outgoing traffic
  • Filtering directly at network level before requests reach the server itself
  • Enabled by default for new root servers and VPS, existing VMs can now activate the feature in the SCP
  • Simple management in the server control panel or automated via API

Why an additional firewall makes sense

The firewall gives you an additional, easy-to-understand yet flexible option to significantly reduce the attack surface of your vServer at netcup. However, we strongly recommend that you also set up your own internal firewall solutions such as iptables or nftables on the server itself, even if you use the firewall feature from netcup.

The firewall provides basic protection. It supplements your measures with an upstream security layer in the network, for example to counteract unwanted public services or misconfigurations in the system, but does not replace protection via local server firewalls.

Notes and limitations

The firewall is available for all netcup server products from Generation 12 onwards and can be configured per server with immediate effect. The firewall is already activated by default for new orders. For existing servers (ordered before December 9, 2025), the firewall must be activated once in the SCP.

You can define up to 500 active rules per server and per public network interface in the firewall. Please note, however, that some rules are already predefined by default, for example to prevent email spamming such as netcup Mail block (default policy). You can remove these at any time after activation. For example, outgoing traffic on port 25 (SMTP) is blocked by default. This measure serves as a protective mechanism against outgoing e-mail spam. If you want to operate your server as a mail server, you can remove this rule manually at any time. In this case, however, make sure that your email configuration is complete and correct to avoid blocking by third-party providers or blacklists.

If no policies are assigned to a server, the firewall generally allows all traffic.

You can find further tips on this topic in the netcup Help Center.

Management via SCP and API

The firewall can be activated and managed directly in the Server Control Panel (SCP). Policies can be created, edited and assigned to individual servers there. Alternatively, administration can be fully automated via the netcup API.

You can find additional technical details, policy examples, and a complete management guide here in the netcup Help Center.

Don’t miss out: Grab a new deal every day in the advent calendar

The netcup Advent calendar has a new bargain for you every day from December 1 to 24. 

FAQs about the firewall

I already have a server with netcup. How do I use the firewall?

The firewall is available for netcup vServers from generation 12 and can be configured immediately. More detailed instructions can be found here in the Help Center.

Is there an alternative to the netcup firewall?

You can also use your own firewall solutions at the operating system level of your VPS or root server. For example: ufw, iptables, firewalld

We also strongly recommend installing additional security measures on your server even when using the firewall feature in the SCP.

Can I deactivate the firewall?

The firewall cannot be activated or deactivated directly. To temporarily allow all traffic, temporarily remove all policies from the server, then the default is ALLOW again. Make sure you add them back later, to reactivate the firewall.

Further information can be found in the Help Center.

Is the firewall sufficient for the security for my server?

The firewall provides basic protection. It supplements your measures with an upstream security layer in the network and counteracts, for example, unwanted public services or misconfigurations in the system. However, it does not replace protection via local server firewalls. Nevertheless, we strongly recommend that you also set up your own internal firewall solutions such as iptables or nftables on the server itself. Also make sure that you protect your accesses with two-factor authentication/SSH keys and that you keep your system up to date.

Leave a Comment

Netcup Live Deals

Frequently Asked Questions about Live Deals