How do I secure my server using a firewall?

In CloudStick we use CSF as the firewall. By default it is disabled. You can enable it from here:

It is used for Login/Intrusion detection, SSH login notification, Excessive connection blocking, Suspicious file reporting, etc.
We strongly recommend that you only open ports for services that you use.
If you have changed your SSH port number, you need to add this new port to the TCP_IN Section.