CSF TCP Ports

[SaltedDog]

Hi Guys,

We are having some high load issues on our servers - and our server admin is not reachable. Whilst I was looking over some settings I noticed the below ports in CSF:

Allow outgoing TCP ports
20,21,212,25,26,53,80,110,143,443,465,587,993,995,1167,1194,2077,2078,2082,2083,2086,2087,2095,2096,2195,3128,3032,7777,10050,30000:30500,2795,49152:65534

Allow outgoing TCP ports
20,21,22,25,26,37,43,53,80,110,113,143,212,443,465,587,873,993,995,1167,2083,2086,2087,2089,2703,2929,3306,3307,8010:8050,8083,10050,45667

I know port access can vary - but can anybody flag anything that we potentially should remove from the above?

 

[cPanelWilliam]

Hello! There are several ports from the list you provided which do not appear to be used for cPanel/WHM services. You can consider removing the ports that aren't listed in the following article, however, I would recommend ensuring the ports aren't being used by another service before blocking them:

What ports should I open in my network firewall?

 

[ITHKBO]

I would advise if you still have access to the back-end to make use of the statistic displays that ConfigServer Firewall has build in to reduce potential culprits before closing any ports.

Home >> Plugins >> ConfigServer Security & Firewall >> View lfd Statistics
Than check the pie chart of "Block triggers in the last 28 days" for any abnormalities.
You are also able to see load average and other statistics one page back under "View System Statistics"
If you see any abnormalities with regards to the triggers and network traffic take a look at the page "View Listening Ports" to further audit the situation.

With regards to the mentioned ports I assume the first entry is inbound instead of outbound?
I am seeing the following ports that we personally do not use or recognize. Keep in mind that the following information is a guess on there function based on feedback of the site speedguide community. Always export your current configuration and verify where possible any function of any port before closing it.

Also make sure to read the knowledge base provided by William to understand the port usage for the other ones in your list as I am seeing several you *might* not actually need. Example 2195 Apple Push Notifications APNs

Inbound:TCP
212 Port 212 (tcp/udp)
1167 Port 1167 (tcp/udp)
1194 Port 1194 (tcp/udp)
2795 Port 2795 (tcp/udp)
3128 Port 3128 (tcp/udp)
3032 Port 3032 (tcp/udp)
7777 Port 7777 (tcp/udp)
10050 Port 10050 (tcp/udp)

Outbound: TCP
212 Port 212 (tcp/udp)
1167 Port 1167 (tcp/udp)
2929 Port 2929 (tcp/udp)
3307 Port 3307 (tcp/udp)
8010:8050 (Can't find any information with regards to such a specific range, might want to check Well known ports, 8000 to 8999)
8083 Port 8083 (tcp/udp)
10050 Port 10050 (tcp/udp)
45667 Unassigned (Potential specific custom function be sure to check with your server network architect)

 

[SaltedDog]

Thanks for the info guys - I shall take a closer look.