Jul 7, 2010
I am setting up my VMAir virtual cloud server and just installed cPanel over CentOS 5.5. The install went fine but I could not access WHM so I called the virtual cloud provider who informed me that I needed to turn off the firewall in order to make cPanel work. I did and it now works.

I am not comfortable with the idea that I have to turn off the firewall in order to be able to use cPanel. Is it possible to configure it so that I can have a firewall and use Cpanel? If so can you tell me how?

Thank you.
Last edited:


Well-Known Member
Jul 28, 2004
Coralville, Iowa USA
cPanel Access Level
Root Administrator
Without seeing your existing firewall rules, it would be difficult to know what in the firewall is blocking the access.

If you turn the firewall back on, please provide the output for the following command:

/sbin/iptables -n -L --line-number

Please block out your IPs in the output you provide here as we wouldn't want to have personal details like your server IP or IPs.

Normally, you'll simply need to add rules above the ones denying the ports like this:

/sbin/iptables -I INPUT -p tcp -m tcp --dport 2082:2083 -j ACCEPT 
/sbin/iptables -I INPUT -p tcp -m tcp --dport 2086:2087 -j ACCEPT 
/sbin/iptables -I INPUT -p tcp -m tcp --dport 2095:2096 -j ACCEPT
This would put the ports 2082 and 2083 (cPanel http and https), 2086 and 2087 (WHM http and https), and 2095 and 2096 (webmail http and https) into the INPUT chain of the firewall for ACCEPT (allow) rules. The reason we need to see your actual firewall rules is that your INPUT chain might be forwarded to a different chain name. Some firewalls use RH-Firewall-1-INPUT instead of INPUT as the main incoming connection chain, while others use LOCALINPUT (CSF calls the chain this as far as I'm aware), so we need to see the firewall chains to know where the rules should go.

After you do insert the right rules into the firewall, you would then need to save them:

service iptables save
If you don't save the new chain rules, then they will disappear on server reboot.
Last edited:


cPanel Quality Assurance Analyst
Staff member
Nov 5, 2008
Houston, Texas, U.S.A.
cPanel Access Level
DataCenter Provider
Linux Firewall Configuration and cPanel/WHM

Most Linux servers, including those that run RHEL or CentOS, can use the built-in firewall functionality of "iptables" or a derivative thereof; to add, remove, or edit iptables rules you can use the command "iptables" on the server with appropriate command-line "arguments" or "switches" to define the rules you wish to setup.

To read more about how to do this you can view the manual page for iptables by using the following command via root SSH access:
# man iptables
The included initialization script may be used to start, stop, restart, and save currently loaded iptables rules:
# /etc/init.d/iptables
Usage: /etc/init.d/iptables {start|stop|restart|condrestart|status|panic|save}
A handful of related configuration options can be found, and optionally modified, within the following file; if customizing default entries please ensure to save a backup copy beforehand in case you need to easily revert any new changes (and to have an original copy to compare against):
Here is a command you may use to save a backup copy (via root SSH access):
# cp -av /etc/sysconfig/iptables-config /etc/sysconfig/iptables-config.backup
When using the init script to save your currently-loaded rules, the information will be retained in the following plain-text file that you may also want to consider saving backups of:
To create a backup copy of your newly-saved rules, try a command like the following:
# cp -av /etc/sysconfig/iptables /etc/sysconfig/iptables.backup
If you'd like to compare the currently saved rules with that of a backup, you may use "diff" as seen in the following example:
# diff -us /etc/sysconfig/iptables.backup /etc/sysconfig/iptables
The information posted by Miraenda is an excellent guide to get started with defining rules via command-line access (e.g., via SSH or console).

You may use any firewall, internal or external, with a system running cPanel and WHM; the only requirement is that your firewall configuration allows access on the network ports that you wish to provide service on. For a full list of ports that you may want to allow access on I recommend the following areas of our web site and documentation:

To ease the setup process of a firewall I would consider using an iptables wrapper script, usually available from a third-party source. Some common firewall scripts used with cPanel-based servers are APF and CSF, but both of these are third-party products and so you would need to contact their vendors or developers with any questions or support requests regarding them. For a starting suggestion I would consider CSF as I believe it might be easier to quickly perform initial setup and regular maintenance while also being able to inquire and research within its active community of users and free support via their forums. Like CSF, you may usually find discussions about using and configuring APF on various forums.

"ConfigServer Security & Firewall" (CSF) can be found here:

"Advanced Policy Firewall" (APF) can be found here: