anouar el bakkouri

Hello,
I'm new to this forum.
I installed cPanel on my CentOS 7 server.
Now I want to install a firewall. Which is best, iptables or firewalld?
What are the ports that I have to open?
Do I have to open all of these ports?
20 TCP/UDP FTP data
21 TCP/UDP FTP command
22 TCP/UDP SSH (Secure Shell)
25 TCP SMTP (Simple Mail Transfer Protocol)
53 TCP/UDP DNS (Domain Name System)
80 TCP/UDP HTTP (Hypertext Transfer Protocol)
110 TCP POP3 (Post Office Protocol v3)
143 TCP IMAP (Internet Message Access Protocol)
443 TCP HTTPS (Hypertext Transfer Protocol over SSL/TLS)
465 TCP SMTP over SSL
993 TCP IMAPS (Internet Message Access Protocol over SSL)
995 TCP POP3S (Post Office Protocol 3 over TLS/SSL)
2077 TCP Webdisk (cPanel Specific)
2078 TCP Webdisk with SSL (cPanel Specific)
2082 TCP CPanel default (cPanel Specific)
2083 TCP CPanel default SSL (cPanel Specific)
2086 TCP WHM (cPanel Specific)
2087 TCP WHM with SSL (cPanel Specific)
2095 TCP CPanel Web mail (cPanel Specific)
2096 TCP CPanel Web mail with SSL (cPanel Specific)
Thank you
 

GOT

Really firewalld is just a way to manage iptables.

We normally remove firewalld and install CSF, which is another way to manage firewall rules, and it integrates with WHM and has a ton of nice features.
 
Jay3570

I'd never thought about it but from what I've read, it's recommended to keep it installed but disable it in case you need a backup program. I look forward to others' thoughts on this.
 

ffeingol

Like many others, we use CSF. The main advantage (other than that it's easy to set up the ports you want open) is LFD, or Login Failure Daemon. LFD watches various logs (SMTP, POP, IMAP, FTP, etc.) and will add rules to block IPs if they have repeated login failures over a brief period. While it sometimes gets clients, it usually blocks brute force login attempts.
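
The behaviour described in the post above (watch authentication logs, block an IP after repeated login failures within a brief period), as an added example that is not part of the thread and is not LFD's own code. The log format, threshold, window and allowlist are assumptions made for illustration, and failures are counted across all services for simplicity; the allowlist shows one way to keep a known client address from being blocked.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a simplified format (not real daemon output).
SAMPLE_LOG = [
    "2020-05-14T10:00:01 imap auth-failed ip=203.0.113.7",
    "2020-05-14T10:00:09 ftp auth-failed ip=203.0.113.7",
    "2020-05-14T10:00:15 smtp auth-failed ip=198.51.100.20",
    "2020-05-14T10:00:20 pop3 auth-failed ip=203.0.113.7",
    "2020-05-14T10:00:31 imap auth-ok ip=198.51.100.20",
    "2020-05-14T10:00:40 imap auth-failed ip=203.0.113.7",
    "2020-05-14T10:00:52 smtp auth-failed ip=203.0.113.7",
    "2020-05-14T10:20:00 imap auth-failed ip=198.51.100.20",
    "2020-05-14T10:45:00 imap auth-failed ip=198.51.100.20",
] + [  # a client retrying a stale password from a known office address
    f"2020-05-14T10:50:{s:02d} imap auth-failed ip=192.0.2.10"
    for s in (0, 5, 10, 15, 20)
]

FAILED_RE = re.compile(r"^(\S+) (\S+) auth-failed ip=(\S+)$")


def ips_to_block(lines, threshold=5, window=timedelta(minutes=5),
                 allowlist=frozenset()):
    """Return {ip: time the threshold was reached} for each IP that has
    `threshold` failed logins inside a sliding `window`."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    blocked = {}
    for line in lines:
        m = FAILED_RE.match(line.strip())
        if not m:
            continue              # successful logins and unknown lines
        when, ip = datetime.fromisoformat(m.group(1)), m.group(3)
        if ip in allowlist or ip in blocked:
            continue
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            blocked[ip] = when
    return blocked


if __name__ == "__main__":
    for ip, when in ips_to_block(SAMPLE_LOG, allowlist={"192.0.2.10"}).items():
        print(f"block {ip} (threshold reached at {when.isoformat()})")
```
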
 
