richy said:
If you are using APF, you could remove the WHM/Cpanel + SSH ports from the allowed port numbers and then put your static dedicated IP address into /etc/apf/allow_hosts.rules. This will mean no access will be granted to the WHM/Cpanel/SSH ports except if you are coming from the IP address listed in allow_hosts (IPs listed there can access any port on the server).
Let me jump in and say that's helpful to me as well. I am new to APF having just installed the latest version. Maybe you can help me figure this out. (At this time, Dev. Mode is set to 1)
Lots of lines in the files come commented out. For example, every line in allow_hosts is commented out. I guess this means the firewall will allow all traffic in its default state.
I added a lot of TCP_CPORTS to the conf file:
IG_TCP_CPORTS="21,22,25,26,53,80,110,143,443,2082,2083,2086,2087,2095,2096"
and left UDP_CPORTS as is, mainly because I'm at a loss for figuring it out:
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS=""
The documentation is good, but is lacking for neophytes I think. For example, I need to set up rules so my backup IP can be accessed through the firewall to allow FTP and FTP-DATA to xx.xx.xx.xx. Also I must open the firewall for TCP/UDP ports xxx, xxx, xxx, and xxx to xx.xx.xx.xx. How do I do this?
Any tips are most welcome!
Thanks
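
An added example, not part of either post and not APF's own code: a shell check of the lockdown richy describes, reporting which management ports are still listed in IG_TCP_CPORTS and whether allow_hosts.rules has any active entry. The management port list, the function names and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit APF files for the lockdown described in richy's post.
# Assumption: "management" means SSH 22, cPanel 2082/2083, WHM 2086/2087.
MGMT_PORTS="22 2082 2083 2086 2087"

# Print management ports still listed in IG_TCP_CPORTS of conf file $1.
# Port ranges are not expanded in this sketch.
exposed_mgmt_ports() {
    ports=$(sed -n 's/^[[:space:]]*IG_TCP_CPORTS="\([^"]*\)".*/\1/p' "$1" | tail -n 1 | tr -d ' ')
    out=""
    for p in $MGMT_PORTS; do
        case ",$ports," in *",$p,"*) out="${out:+$out }$p" ;; esac
    done
    printf '%s\n' "$out"
}

# Count active (non-blank, non-comment) lines in allow_hosts.rules file $1.
trusted_entries() {
    grep -Evc '^[[:space:]]*(#|$)' "$1" || true
}

# Return 0 = locked down, 1 = ports open to all, 2 = lockout risk.
audit_apf() {
    exposed=$(exposed_mgmt_ports "$1")
    trusted=$(trusted_entries "$2")
    if [ -n "$exposed" ]; then
        echo "OPEN: reachable from any source: $exposed"; return 1
    fi
    if [ "$trusted" -eq 0 ]; then
        echo "LOCKOUT RISK: ports closed, no trusted host listed"; return 2
    fi
    echo "OK: management ports limited to $trusted trusted entries"
}

# Constructed sample files in directory $1, mirroring the reply's settings.
write_sample() {
    cat > "$1/conf.apf" <<'EOF'
IG_TCP_CPORTS="21,22,25,26,53,80,110,143,443,2082,2083,2086,2087,2095,2096"
IG_UDP_CPORTS=""
EOF
    printf '# 192.0.2.10 (constructed, commented out)\n' > "$1/allow_hosts.rules"
}

# Usage: sh audit.sh /etc/apf/conf.apf /etc/apf/allow_hosts.rules
if [ "$#" -eq 2 ]; then audit_apf "$1" "$2"; fi
```

The exit code 2 case matters when applying the quoted advice: closing the SSH port before an active entry exists in allow_hosts.rules leaves no address that can reach it.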