If you order a VPS without a firewall, a security group is assigned. A security group is not a complete firewall; it's more of a filter because it doesn't NAT, VPN, DHCP, etc. All it can do is filter traffic leaving or destined to the interface of the VPS.
By default:
- Ingress traffic (data leaving the virtual machine) is fully allowed.
- Egress traffic (data destined for the virtual machine) is blocked.
The reason for this is that it serves as the last line of defence to protect the OS from the internet (it is a nasty place out there).
If you wish to allow SSH, RDP or any other service, you can update the security group with a rule.
Step 1: Navigate to the virtual machine in the control panel and select Security groups under networking
Step 2: Click on edit rules, then Egres,s and select Add new rule
This rule would allow SSH from any IP address. When creating such a rule for SSH, RDP or any remote access method, please be extremely careful, as this does allow hackers to access the same port.
After creating the rule, you will now be able to access the server on the desired ports you have allowed.