about iptables adn firewalld

[anouar el bakkouri]

Hello
I'm new in this forum
I installed Cpanel in my server CENTOS 7
now I want to install a firewall please Who is the best iptables or firewalld ?
What are the pors that I have to open?
Do I have to open all this pors
20 TCP/UDP FTP data
21 TCP/UDP FTP command
22 TCP/UDP SSH (Secure Shell)
25 TCP SMTP (Simple Mail Transfer Protocol)
53 TCP/UDP DNS (Domain Name System)
80 TCP/UDP HTTP (Hypertext Transfer Protocol)
110 TCP POP3 (Post Office Protocol v3)
143 TCP IMAP (Internet Message Access Protocol)
443 TCP HTTPS (Hypertext Transfer Protocol over SSL/TLS)
465 TCP SMTP over SSL
993 TCP IMAPS (Internet Message Access Protocol over SSL)
995 TCP POP3S (Post Office Protocol 3 over TLS/SSL)
2077 TCP Webdisk (cPanel Specific)
2078 TCP Webdisk with SSL (cPanel Specific)
2082 TCP CPanel default (cPanel Specific)
2083 TCP CPanel default SSL (cPanel Specific)
2086 TCP WHM (cPanel Specific)
2087 TCP WHM with SSL (cPanel Specific)
thank you
2095 TCP CPanel Web mail (cPanel Specific)
2096 TCP CPanel Web mail with SSL (cPanel Specific)

 

[GOT]

Really firewalld is just a way to manage iptables.

We normally remove firewalld and install CSF which is another way to manage firewall rules and it integrates with whom and has a ton of nice features.

 

[cPanelLauren]

While personally I agree with @GOT as this is what I do on my own servers our recommendations officially are noted here: How to Configure Your Firewall for cPanel & WHM Services | cPanel & WHM Documentation

 

[anouar el bakkouri]

While personally I agree with @GOT as this is what I do on my own servers our recommendations officially are noted here: How to Configure Your Firewall for cPanel & WHM Services | cPanel & WHM Documentation

thank you I read this post you recommend to use firwalld
Servers that run the CentOS 7, CloudLinux 7, and RHEL 7 operating systems require that you use the firewalld daemon.

 

[anouar el bakkouri]

Really firewalld is just a way to manage iptables.

We normally remove firewalld and install CSF which is another way to manage firewall rules and it integrates with whom and has a ton of nice features.

thank you you remove firewalld what about iptables?

 

[Deleted member 977321]

I'd never thought about it but from what I've read, it's recommended to keep it installed but disable it in case you need a backup program. I look forward to others' thoughts on this.

 

[ffeingol]

Like man others, we use CSF. The main advantage (other that it's easy to setup the ports you want open) is LFD or login failure daemon. LFD watches various logs (SMTP, POP, IMAP, FTP etc.) and will add rules to block IP if they have repeated login failures over a brief period. While it sometimes gets clients, it usually blocks brute force login attempts.

 

[cPanelLauren]

thank you you remove firewalld what about iptables?

I'm not sure I understand this question. CSF manages IPTables it is not a standalone replacement for it.

 

[Deleted member 977321]

You just answered it.

I'm not sure I understand this question. CSF manages IPTables it is not a standalone replacement for it.