Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

customised firewall

Discussion in 'General Discussion' started by visiondream3, Dec 3, 2003.

  1. visiondream3

    visiondream3 Active Member

    Joined:
    Mar 3, 2003
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    156
    Hello,
    I'm trying to enable a customised firewall for a cpanel server. In the process, I decided to enable individual ports which are required in the INPUT chain.
    Here it is :
    $IPT -A INPUT -p tcp -s 0/0 --dport 993 -j ACCEPT
    $IPT -A INPUT -p tcp -s 0/0 --dport 1 -j ACCEPT
    $IPT -A INPUT -p tcp -s 0/0 --dport 995 -j ACCEPT
    $IPT -A INPUT -p tcp -s 0/0 --dport 110 -j ACCEPT
    $IPT -A INPUT -p tcp -s 0/0 --dport 783 -j ACCEPT
    $IPT -A INPUT -p tcp -s 0/0 --dport 111 -j ACCEPT
    $IPT -A INPUT -p tcp -s 0/0 --dport 143 -j ACCEPT
    $IPT -A INPUT -p tcp -s 0/0 --dport 80 -j ACCEPT
    $IPT -A INPUT -p tcp -s 0/0 --dport 465 -j ACCEPT
    $IPT -A INPUT -p tcp -s 0/0 --dport 53 -j ACCEPT
    $IPT -A INPUT -p tcp -s 0/0 --dport 21 -j ACCEPT
    $IPT -A INPUT -p tcp -s 0/0 --dport 22 -j ACCEPT
    $IPT -A INPUT -p tcp -s 0/0 --dport 25 -j ACCEPT
    $IPT -A INPUT -p tcp -s 0/0 --dport 953 -j ACCEPT
    $IPT -A INPUT -p tcp -s 0/0 --dport 443 -j ACCEPT
    $IPT -A INPUT -p tcp -s 0/0 --dport 2082 -j ACCEPT
    $IPT -A INPUT -p tcp -s 0/0 --dport 2086 -j ACCEPT
    $IPT -A INPUT -p tcp -s 0/0 --dport 3306 -j ACCEPT
    $IPT -A INPUT -p tcp -s 0/0 --dport 1024:65535 -j ACCEPT
    $IPT -A INPUT -p udp -s 0/0 -j ACCEPT

    But I realised that with ftp in use, I'm unable to take away the second last line which allows the higher non privilege ports to be open.

    Is there a way to tweak ftp without going for secure ftp so that I can close down those ports as well.

    I need only those ports which require service to be open.
    Any new ideas will be appreciated.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice