I am using GoDaddy as my hosting provider. I just upgraded my service from their Gen3 VPS to a Gen4 VPS. The Gen3 VPS came with `ConfigServer Security & Firewall` - that is not available in the new CentOS 7.7 Gen4 VPS. In fact, it appears there is no default FW of any sort in my new Gen4 VPS.
Admittedly, I am not very strong on Linux security or built-in FWs.
I have been reading that firewalld has replaced CSF as the new preferred FW, but then plenty of other articles say that CSF is still used. And even others just say to use iptables natively. Are both firewalld and CSF just interfaces to the behind-the-scenes iptables? Or are they actually their own independent FWs?
What to do? Does anyone know if the GoDaddy Gen VPS already has a default FW...and I am just missing it? Is it...or any of them...an easy add-on package that can be managed from the WHM interface? Please advise.
UPDATE:
=============
So I did a bit more reading to see what's installed already, and this article got me looking at things behind the scenes: How to configure a Firewall for WHM/cPanel | Vander Host
If I am reading this properly, firewalld is installed but disabled? But iptables is running? I don't want to get into a philosophical debate, but I am reading that firewalld is easier to manage. If that's the case, and it appears to be installed, how do I interface with it? Which has a better GUI - I prefer not to work via CLI for managing FW policies and such.
```
# service firewalld status
Redirecting to /bin/systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
cphulk all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere multiport dports smtp,urd,submission owner GID match mailman
ACCEPT tcp -- anywhere anywhere multiport dports smtp,urd,submission owner GID match mail
ACCEPT tcp -- anywhere localhost multiport dports smtp,urd,submission owner UID match cpanel
ACCEPT tcp -- anywhere anywhere multiport dports smtp,urd,submission owner UID match root
Chain cphulk (1 references)
target prot opt source destination
DROP all -- 118.25.226.75 anywhere state NEW TIME until date 2020-04-27 22:59:33 UTC
```
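An added example, not part of the original post: a shell function that reads `iptables -L` output like the listing above and reports, for each built-in chain, whether traffic that matches no rule is accepted or dropped. The function names and the sample listing are constructed for illustration, and the catch-all detection is a heuristic over the text output.

```shell
# Classify each built-in chain of an `iptables -L` listing read from stdin.
audit_listing() {
  awk '
    function any(a) { return a == "anywhere" || a == "0.0.0.0/0" }
    /^Chain / {
      chain = $2
      if ($3 == "(policy") {            # built-in chain: has a default policy
        policy[chain] = $4; sub(/\)/, "", policy[chain])
        order[++n] = chain
      }
      next
    }
    /^target/ || NF == 0 { next }       # column header or blank line
    {
      rules[chain]++
      # Heuristic: DROP/REJECT for all protocols, any source, any destination
      # and no further match criteria acts as a final deny for the chain.
      if (($1 == "DROP" || $1 == "REJECT") && $2 == "all" && any($4) && any($5) && (NF == 5 || $6 == "reject-with"))
        catchall[chain] = 1
    }
    END {
      for (i = 1; i <= n; i++) {
        c = order[i]
        verdict = (policy[c] == "DROP" || catchall[c]) ? "default-deny" : "default-allow"
        printf "%s policy=%s rules=%d %s\n", c, policy[c], rules[c], verdict
      }
    }'
}

# Constructed sample modeled on the listing in the post; the address is a
# documentation-range placeholder.
sample_listing() {
  cat <<'EOF'
Chain INPUT (policy ACCEPT)
target prot opt source destination
cphulk all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere multiport dports smtp,urd,submission owner GID match mail
Chain cphulk (1 references)
target prot opt source destination
DROP all -- 203.0.113.7 anywhere state NEW TIME until date 2020-04-27 22:59:33 UTC
EOF
}

sample_listing | audit_listing
```

To check live rules, run `iptables -L -n | audit_listing` as root; a `default-allow` verdict on INPUT means every port with a listening service is reachable unless a specific rule drops the source.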