Firewall Ports - An Updated List for CentOS 5.x?

myce

Well-Known Member
Oct 24, 2001
I have been having a problem with APF 9.7.1 locking out my DNS (i.e. my websites and email start getting "server not found" messages at approximately the same time that the cPanel upgrade runs every night). Stopping the APF firewall immediately fixes the problem. I've been running APF successfully for over 5 years, so I assumed that the ports have probably changed or new ones are required with CentOS 5.x or cPanel/WHM (I just upgraded to a new server and was running CentOS 4.x and APF 9.6 on the old with no problems).

Here are the ports that my APF configuration allowed in /etc/apf/conf.apf:

# Common inbound (ingress) TCP ports
IG_TCP_CPORTS="1,20,21,22,25,37,53,80,110,111,143,443,465,631,873,993,995,1040,2077,2078,2080,2081,2082,2083,2084,2085,2086,2087,2088,2089,2090,2091,2092,2093,2094,2095,2096,2097,2098,2099,3306,9999,10000,20000,30000_35000"

# Common inbound (ingress) UDP ports
IG_UDP_CPORTS="22,37,53,631,873,32794"

# Common outbound (egress) TCP ports
EG_TCP_CPORTS="21,22,25,43,80,443,873,2080,2081,2082,2083,2084,2085,2086,2087,2088,2089,2090,2091,2091,2092,2093,2094,2095,2096,2097,2098,2099"

# Common outbound (egress) UDP ports
EG_UDP_CPORTS="20,21,22,53,365,465,873"

Today, I ran the following to check for open ports on my server:

nmap -sT -O localhost

and it produced the following report, which shows that I need to add three additional ports:

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2009-03-28 15:37 EDT
Interesting ports on localhost (127.0.0.1):
Not shown: 1662 closed ports
PORT STATE SERVICE
1/tcp open tcpmux
21/tcp open ftp
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop3
111/tcp open rpcbind
143/tcp open imap
443/tcp open https
465/tcp open smtps
783/tcp open spamassassin
953/tcp open rndc
993/tcp open imaps
995/tcp open pop3s
1040/tcp open netsaint
3306/tcp open mysql
6666/tcp open irc-serv
No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
SInfo(V=4.11%P=i686-redhat-linux-gnu%D=3/28%Tm=49CE7C88%O=1%C=2)
TSeq(Class=RI%gcd=1%SI=30C792%IPID=Z%TS=U)
TSeq(Class=RI%gcd=2%SI=1863BF%IPID=Z%TS=U)
TSeq(Class=RI%gcd=1%SI=30C787%IPID=Z%TS=U)
T1(Resp=Y%DF=Y%W=8018%ACK=S++%Flags=AS%Ops=M)
T2(Resp=N)
T3(Resp=Y%DF=Y%W=8018%ACK=S++%Flags=AS%Ops=M)
T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)

Nmap finished: 1 IP address (1 host up) scanned in 9.660 seconds

So, I've added these three ports to my APF configuration. But, if anyone knows of any additional ports that I should allow or dis-allow from the following updated APF port list, please post them here, along with any additional information you may have about them:

# Common inbound (ingress) TCP ports
IG_TCP_CPORTS="1,20,21,22,25,37,53,80,110,111,143,443,465,631,783,873,953,993,995,1040,2077,2078,2080,2081,2082,2083,2084,2085,2086,2087,2088,2089,2090,2091,2092,2093,2094,2095,2096,2097,2098,2099,3306,6666,9999,10000,20000,30000_35000"

# Common inbound (ingress) UDP ports
IG_UDP_CPORTS="22,37,53,631,873,32794"

# Common outbound (egress) TCP ports
EG_TCP_CPORTS="21,22,25,43,80,443,873,2080,2081,2082,2083,2084,2085,2086,2087,2088,2089,2090,2091,2091,2092,2093,2094,2095,2096,2097,2098,2099"

# Common outbound (egress) UDP ports
EG_UDP_CPORTS="20,21,22,53,365,465,873"

Thanks!
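An nmap run against localhost lists every socket the host is listening on, including ones bound only to 127.0.0.1, which no ingress rule can reach from outside anyway. The script below is an added example (not code from this thread or from APF) that audits an APF ingress list against `netstat -lntu` output, which does show the bind address. It assumes the APF list syntax seen in the post (comma-separated ports, ranges written low_high) and uses a constructed netstat sample modelled on the post's nmap report, with spamd (783) and rndc (953) on loopback, which is where both bind by default:

```python
"""Audit an APF ingress allow list against the sockets actually listening.

Added example, not code from the thread or from APF. It assumes the APF
list syntax shown in the post (comma-separated ports, ranges as low_high)
and parses `netstat -lntu` output, which shows what nmap against
localhost cannot: whether a socket is bound to a loopback address only.
"""
from typing import Dict, List, Set, Tuple

# Constructed `netstat -lntu` sample (not captured from the poster's server),
# modelled on the post's nmap report. spamd (783) and rndc (953) bind to
# 127.0.0.1 by default, so they appear here on loopback only.
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:783               0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:6666                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:2083                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN
tcp        0      0 :::22                       :::*                        LISTEN
tcp        0      0 0.0.0.0:53                  0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN
udp        0      0 0.0.0.0:53                  0.0.0.0:*
udp        0      0 0.0.0.0:111                 0.0.0.0:*
"""

# The updated ingress lists from the post.
IG_TCP_CPORTS = ("1,20,21,22,25,37,53,80,110,111,143,443,465,631,783,873,953,993,995,"
                 "1040,2077,2078,2080,2081,2082,2083,2084,2085,2086,2087,2088,2089,2090,"
                 "2091,2092,2093,2094,2095,2096,2097,2098,2099,3306,6666,9999,10000,"
                 "20000,30000_35000")
IG_UDP_CPORTS = "22,37,53,631,873,32794"

Listener = Tuple[str, str, int]  # (proto, local ip, port)


def parse_apf_ports(spec: str) -> Tuple[Set[int], List[Tuple[int, int]]]:
    """Split an APF port list into single ports and (low, high) ranges."""
    singles: Set[int] = set()
    ranges: List[Tuple[int, int]] = []
    for token in filter(None, (t.strip() for t in spec.split(","))):
        if "_" in token:
            low, high = (int(x) for x in token.split("_", 1))
            if not 1 <= low <= high <= 65535:
                raise ValueError(f"bad range {token!r}")
            ranges.append((low, high))
        else:
            singles.add(int(token))
    return singles, ranges


def is_allowed(port: int, singles: Set[int], ranges: List[Tuple[int, int]]) -> bool:
    return port in singles or any(lo <= port <= hi for lo, hi in ranges)


def parse_netstat(text: str) -> List[Listener]:
    """Return (proto, local_ip, port) for every tcp/udp listening socket."""
    out: List[Listener] = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("tcp", "tcp6", "udp", "udp6"):
            continue
        ip, port = fields[3].rsplit(":", 1)  # rsplit keeps IPv6 ':::22' -> ('::', '22')
        out.append((fields[0].rstrip("6"), ip, int(port)))
    return out


def is_loopback(ip: str) -> bool:
    return ip.startswith("127.") or ip in ("::1", "::ffff:127.0.0.1")


def audit(listeners: List[Listener], tcp_spec: str, udp_spec: str) -> Dict[str, Dict[str, List[int]]]:
    """Compare listeners with the allow lists and flag three kinds of mismatch."""
    report: Dict[str, Dict[str, List[int]]] = {
        "blocked": {}, "loopback_only_allowed": {}, "allowed_no_listener": {}}
    for proto, spec in (("tcp", tcp_spec), ("udp", udp_spec)):
        singles, ranges = parse_apf_ports(spec)
        external = {p for pr, ip, p in listeners if pr == proto and not is_loopback(ip)}
        loopback = {p for pr, ip, p in listeners if pr == proto and is_loopback(ip)}
        # Externally bound but not allowed: these stop working once APF is up.
        report["blocked"][proto] = sorted(
            p for p in external if not is_allowed(p, singles, ranges))
        # Allowed, but only a loopback socket exists: the ingress rule is pointless
        # today and exposes the port the moment something binds it to 0.0.0.0.
        report["loopback_only_allowed"][proto] = sorted(
            p for p in loopback - external if is_allowed(p, singles, ranges))
        # Listed single ports with nothing listening at all: candidates to remove.
        report["allowed_no_listener"][proto] = sorted(singles - external - loopback)
    return report


def audit_sample() -> Dict[str, Dict[str, List[int]]]:
    return audit(parse_netstat(SAMPLE_NETSTAT), IG_TCP_CPORTS, IG_UDP_CPORTS)


if __name__ == "__main__":
    import json
    print(json.dumps(audit_sample(), indent=2))
```

On the constructed sample the report flags 783 and 953 as allowed but loopback-only, and UDP 111 as externally bound yet missing from IG_UDP_CPORTS. On a real server, replace SAMPLE_NETSTAT with the live `netstat -lntu` output and the two IG_* strings with the ones from /etc/apf/conf.apf; a port in the "blocked" list is the kind of thing that produces "server not found" only while the firewall is running.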

myce

Well-Known Member
Oct 24, 2001
46
0
306
I have switched from APF to ConfigServer Services

After reading about it on this forum, I have decided to dump APF in favor of CSF (ConfigServer Services Firewall). CSF is an add-in to WHM, which makes it convenient to administrate. Both allows and blocks can be done straight from the WHM console, and the firewall can be restarted from there as well. I have used all the same TCP/UDP ports mentioned here for APF, and I think this is a complete list, unless anyone can suggest additions. CSF ROCKS! :D
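Carrying the same port lists from APF over to CSF is mostly a syntax change: csf.conf keeps the four lists as TCP_IN, UDP_IN, TCP_OUT and UDP_OUT, and writes a range as low:high where APF writes low_high. The script below is an added example (not code from this thread or from the CSF project) that reads the *_CPORTS assignments out of conf.apf-style text, validates and dedupes the entries, converts the range syntax, and prints csf.conf-style lines. The input is a constructed, shortened excerpt in the format of the lists posted above:

```python
"""Translate APF port lists into csf.conf syntax.

Added example, not code from the thread or from CSF. Assumptions: APF
writes ranges as low_high; csf.conf keeps the same four lists under the
keys TCP_IN, UDP_IN, TCP_OUT, UDP_OUT and writes ranges as low:high.
"""
import re
from typing import Dict, List, Tuple

APF_TO_CSF = {"IG_TCP_CPORTS": "TCP_IN", "IG_UDP_CPORTS": "UDP_IN",
              "EG_TCP_CPORTS": "TCP_OUT", "EG_UDP_CPORTS": "UDP_OUT"}

# Constructed excerpt in the format of /etc/apf/conf.apf (shortened from the
# thread's lists; a repeated 2091 and the 30000_35000 range are kept on purpose).
SAMPLE_CONF_APF = """\
# Common inbound (ingress) TCP ports
IG_TCP_CPORTS="20,21,22,25,53,80,443,2082,2083,2086,2087,30000_35000"

# Common inbound (ingress) UDP ports
IG_UDP_CPORTS="53,873"

# Common outbound (egress) TCP ports
EG_TCP_CPORTS="21,22,25,43,80,443,2090,2091,2091,2092"

# Common outbound (egress) UDP ports
EG_UDP_CPORTS="20,21,22,53,365,465,873"
"""

_ASSIGN = re.compile(r'^\s*((?:IG|EG)_(?:TCP|UDP)_CPORTS)\s*=\s*"([^"]*)"')


def read_apf_lists(text: str) -> Dict[str, str]:
    """Pull the four *_CPORTS assignments out of conf.apf text."""
    lists: Dict[str, str] = {}
    for line in text.splitlines():
        m = _ASSIGN.match(line)
        if m:
            lists[m.group(1)] = m.group(2)
    return lists


def normalise(spec: str) -> List[str]:
    """Validate, dedupe and sort tokens; rewrite APF low_high ranges as CSF low:high."""
    seen: Dict[Tuple[int, int], str] = {}
    for tok in filter(None, (t.strip() for t in spec.split(","))):
        lo, is_range, hi = tok.partition("_")
        lo_i = int(lo)
        hi_i = int(hi) if is_range else lo_i
        if not 1 <= lo_i <= hi_i <= 65535:
            raise ValueError(f"invalid port spec {tok!r}")
        seen[(lo_i, hi_i)] = f"{lo_i}:{hi_i}" if is_range else str(lo_i)
    return [seen[k] for k in sorted(seen)]


def apf_to_csf(text: str) -> Dict[str, str]:
    """Map each APF list to its csf.conf key with normalised contents."""
    return {APF_TO_CSF[k]: ",".join(normalise(v)) for k, v in read_apf_lists(text).items()}


def render_csf(conf: Dict[str, str]) -> str:
    """Emit the lines in the form csf.conf uses, in a fixed order."""
    order = ("TCP_IN", "TCP_OUT", "UDP_IN", "UDP_OUT")
    return "\n".join(f'{key} = "{conf[key]}"' for key in order if key in conf)


if __name__ == "__main__":
    print(render_csf(apf_to_csf(SAMPLE_CONF_APF)))
```

Running it against the real /etc/apf/conf.apf (read the file into `apf_to_csf`) gives lines that can be compared with, or pasted over, the corresponding entries in /etc/csf/csf.conf; an APF range left as 30000_35000 would not be understood by CSF, which is the one conversion that cannot be done by eye reliably on a long list.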