Anyone else disappointed cPanel techs won't touch your firewall?

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
11,772
1,870
363
cPanel Access Level
Root Administrator
We do have a list of ports that are required for cPanel to function properly in our documentation here:


and tools like CSF usually open those by default when installed on a cPanel system. For additional configurations, you'd have to make manual adjustments to the configuration.
 

SS-Maddy

Well-Known Member
Mar 28, 2009
130
18
68
cPanel Access Level
Root Administrator

petermatra

Registered
May 12, 2021
4
1
3
Brewster
cPanel Access Level
Root Administrator
I read the articles and could not figure out why the ports were not opened up. But the tech said they weren't. If I were confident enough to touch my own nft tables I would have.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
11,772
1,870
363
cPanel Access Level
Root Administrator
This sounds like a perfect case where hiring a professional isn't a bad idea. It's no different than any other service - plumbing, electrical work, auto maintenance - no everyone knows everything about everything. If you're not confident in performing the work yourself, there's zero shame in asking or hiring someone.
 

PeteS

Well-Known Member
Jun 8, 2017
311
67
78
Oregon
cPanel Access Level
Root Administrator
We do have a list of ports that are required for cPanel to function properly in our documentation here:


and tools like CSF usually open those by default when installed on a cPanel system. For additional configurations, you'd have to make manual adjustments to the configuration.
A question on this...

There are ports I don't use (i.e. for non-secure connections like 110, 143, 2077, 2079, 2082, 2086, 2095, or ones I have changed to a custom port different from the cPanel default) that I remove from the firewalld's cPanel service.

If I do that will cPanel open them back up in future updates, or checks? (I'm specifically talking about the cPanel service in firewalld.) Or do I need to block them in the zone (I assume zone overrides the service inside that zone.)
 

PeteS

Well-Known Member
Jun 8, 2017
311
67
78
Oregon
cPanel Access Level
Root Administrator
Nope - we don't automatically open up ports, so that change will stick.
I have read reports of others who removed a port(s) from the cPanel service xml file but later it was re-added by an update. I'm almost 100% that happened on one of my servers also. (No offense, it IS cPanel's file. ;) )

My solution instead is to add a rich rule that overrides the port(s) in the cPanel service xml file.

Example:
# firewall-cmd --permanent --add-rich-rule='rule port port=110 protocol=tcp reject'
# firewall-cmd --reload
 
  • Like
Reactions: cPRex and Spirogg