The Community Forums


customised firewall

Discussion in 'General Discussion' started by visiondream3, Dec 3, 2003.

  1. visiondream3

    Hello,
    I'm trying to enable a customised firewall for a cPanel server. In the process, I decided to enable individual ports which are required in the INPUT chain.
    Here it is:
    $IPT -A INPUT -p tcp -s 0/0 --dport 993 -j ACCEPT
    $IPT -A INPUT -p tcp -s 0/0 --dport 1 -j ACCEPT
    $IPT -A INPUT -p tcp -s 0/0 --dport 995 -j ACCEPT
    $IPT -A INPUT -p tcp -s 0/0 --dport 110 -j ACCEPT
    $IPT -A INPUT -p tcp -s 0/0 --dport 783 -j ACCEPT
    $IPT -A INPUT -p tcp -s 0/0 --dport 111 -j ACCEPT
    $IPT -A INPUT -p tcp -s 0/0 --dport 143 -j ACCEPT
    $IPT -A INPUT -p tcp -s 0/0 --dport 80 -j ACCEPT
    $IPT -A INPUT -p tcp -s 0/0 --dport 465 -j ACCEPT
    $IPT -A INPUT -p tcp -s 0/0 --dport 53 -j ACCEPT
    $IPT -A INPUT -p tcp -s 0/0 --dport 21 -j ACCEPT
    $IPT -A INPUT -p tcp -s 0/0 --dport 22 -j ACCEPT
    $IPT -A INPUT -p tcp -s 0/0 --dport 25 -j ACCEPT
    $IPT -A INPUT -p tcp -s 0/0 --dport 953 -j ACCEPT
    $IPT -A INPUT -p tcp -s 0/0 --dport 443 -j ACCEPT
    $IPT -A INPUT -p tcp -s 0/0 --dport 2082 -j ACCEPT
    $IPT -A INPUT -p tcp -s 0/0 --dport 2086 -j ACCEPT
    $IPT -A INPUT -p tcp -s 0/0 --dport 3306 -j ACCEPT
    $IPT -A INPUT -p tcp -s 0/0 --dport 1024:65535 -j ACCEPT
    $IPT -A INPUT -p udp -s 0/0 -j ACCEPT

    But I realised that with ftp in use, I'm unable to take away the second last line, which allows the higher non-privileged ports to be open.

    Is there a way to tweak ftp without going for secure ftp so that I can close down those ports as well?

    I need only those ports which require service to be open.
    Any ideas will be appreciated.
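
One way to drop the blanket `1024:65535` rule from the ruleset above, shown as an added example that is not part of the original thread: it prints (dry run) the TCP rules with a connection-state match plus a narrow passive-FTP range. The range `30000:30100`, the variable `PASV_RANGE` and the helper functions are assumptions; the FTP daemon must be configured to hand out the same passive range, and the chain is assumed to drop whatever is not accepted, which the post does not show.

```shell
#!/bin/sh
# Added example (not from the thread): dry-run generator for a tightened
# TCP INPUT ruleset. Nothing is applied; the rules are only printed.

IPT="${IPT:-iptables}"                   # same variable name the post uses
PASV_RANGE="${PASV_RANGE:-30000:30100}"  # hypothetical; must match the FTP daemon

# Service ports copied from the post, without the 1024:65535 rule.
TCP_PORTS="993 1 995 110 783 111 143 80 465 53 21 22 25 953 443 2082 2086 3306"

build_rules() {
    # Replies to connections the server opened itself (including active-mode
    # FTP data sent from port 20) are ESTABLISHED, so they no longer depend
    # on the whole unprivileged range being open.
    echo "$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for port in $TCP_PORTS; do
        echo "$IPT -A INPUT -p tcp -s 0/0 --dport $port -j ACCEPT"
    done
    # Passive-mode FTP data connections: only the range the daemon uses.
    echo "$IPT -A INPUT -p tcp -s 0/0 --dport $PASV_RANGE -j ACCEPT"
}

# Number of ports one --dport argument opens ("A:B" is an inclusive range).
ports_opened() {
    case "$1" in
        *:*) echo $(( ${1#*:} - ${1%%:*} + 1 )) ;;
        *)   echo 1 ;;
    esac
}

# Sum the ports opened by the --dport rules read from stdin.
# Each rule is counted on its own, so overlapping rules count twice.
exposure() {
    total=0
    while read -r line; do
        case "$line" in *"--dport "*) ;; *) continue ;; esac
        spec="${line#*--dport }"
        spec="${spec%% *}"
        total=$(( total + $(ports_opened "$spec") ))
    done
    echo "$total"
}

build_rules
echo "# TCP ports accepted for new connections: $(build_rules | exposure)"
```

The UDP accept-all rule from the post is left out of this sketch and needs the same per-service treatment.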
     