The Community Forums

Interact with an entire community of cPanel & WHM users!
ipf cpanel advice needed

Discussion in 'General Discussion' started by rfrayer, Sep 12, 2011.

  1. rfrayer (Registered; cPanel Access Level: Root Administrator)

    Hi, I'm new to FreeBSD and was wondering if anyone who has experience could take a look at my rules before I use them and end up possibly locking myself out of my server, and let me know if it looks like it will work.



    Code:
    #!/bin/sh
    # ipfw ruleset for a cPanel/WHM server on FreeBSD.
    # Note: ipfw accepts the same rule number more than once; rules that share
    # a number are evaluated in the order they were added.
    IPF="ipfw -q add"
    ipfw -q -f flush
    
    # loopback: allow lo0, drop anything using a 127/8 address on other interfaces
    $IPF 10 allow all from any to any via lo0
    $IPF 20 deny all from any to 127.0.0.0/8
    $IPF 30 deny all from 127.0.0.0/8 to any
    $IPF 40 deny tcp from any to any frag
    
    # stateful: match dynamic rules, accept established TCP, track outbound traffic
    $IPF 50 check-state
    $IPF 60 allow tcp from any to any established
    $IPF 70 allow all from any to any out keep-state
    $IPF 80 allow icmp from any to any
    
    # open ports: ftp (20,21) plus its passive range, customized ssh (5678),
    # mail (25), dns (53), http (80) etc.
    $IPF 110 allow tcp from any to any 20-21 in
    $IPF 120 allow tcp from any to any 20-21 out
    $IPF 110 allow tcp from any to any 30000-50000 in
    $IPF 120 allow tcp from any to any 30000-50000 out
    # custom ssh port
    $IPF 130 allow tcp from any to any 5678 in
    $IPF 140 allow tcp from any to any 5678 out
    $IPF 150 allow tcp from any to any 25 in
    $IPF 160 allow tcp from any to any 25 out
    $IPF 170 allow udp from any to any 53 in
    $IPF 175 allow tcp from any to any 53 in
    $IPF 180 allow udp from any to any 53 out
    $IPF 185 allow tcp from any to any 53 out
    $IPF 200 allow tcp from any to any 80 in
    $IPF 210 allow tcp from any to any 80 out
    
    # cPanel 11 (WHM 2086, cPanel 2082)
    $IPF 110 allow tcp from any to any 2086 in
    $IPF 120 allow tcp from any to any 2086 out
    $IPF 110 allow tcp from any to any 2082 in
    $IPF 120 allow tcp from any to any 2082 out
    
    # Red5
    $IPF 200 allow tcp from any to any 843 in
    $IPF 210 allow tcp from any to any 843 out
    $IPF 200 allow tcp from any to any 5080 in
    $IPF 210 allow tcp from any to any 5080 out
    $IPF 200 allow tcp from any to any 8443 in
    $IPF 210 allow tcp from any to any 8443 out
    $IPF 200 allow tcp from any to any 1935-1936 in
    $IPF 210 allow tcp from any to any 1935-1936 out
    $IPF 200 allow tcp from any to any 8088 in
    $IPF 210 allow tcp from any to any 8088 out
    $IPF 200 allow tcp from any to any 9035 in
    $IPF 210 allow tcp from any to any 9035 out
    $IPF 200 allow tcp from any to any 9999 in
    $IPF 210 allow tcp from any to any 9999 out
    
    # Shoutcast / Spanel
    $IPF 200 allow tcp from any to any 8000-9000 in
    $IPF 210 allow tcp from any to any 8000-9000 out
    $IPF 200 allow udp from any to any 8000-9000 in
    $IPF 210 allow udp from any to any 8000-9000 out
    
    # deny and log everything else (the "log" option only produces output
    # when the sysctl net.inet.ip.fw.verbose is set to 1)
    $IPF 500 deny log all from any to any
     
  2. rfrayer (Registered; cPanel Access Level: Root Administrator)

    Woot, got it working great. I had to manually go into proftpd's config and enable passive ports, but after that it was smooth sailing. I did a few adjustments, so don't use the first config, use this one. Oh, and I customized my SSH ports, so you will need to edit them to match your FreeBSD server, whoever wants to use this as a template example.

    Code:
    #!/bin/sh
    # ipfw ruleset for a cPanel/WHM server on FreeBSD (revised version).
    # Note: ipfw accepts the same rule number more than once; rules that share
    # a number are evaluated in the order they were added.
    IPF="ipfw -q add"
    ipfw -q -f flush

    # loopback: allow lo0, drop anything using a 127/8 address on other interfaces
    $IPF 10 allow all from any to any via lo0
    $IPF 20 deny all from any to 127.0.0.0/8
    $IPF 30 deny all from 127.0.0.0/8 to any
    $IPF 40 deny tcp from any to any frag

    # stateful: match dynamic rules, accept established TCP, track outbound traffic
    $IPF 50 check-state
    $IPF 60 allow tcp from any to any established
    $IPF 70 allow all from any to any out keep-state
    $IPF 80 allow icmp from any to any

    # open ports: ftp (20,21) plus the proftpd passive range (10000-50000,
    # must match PassivePorts in proftpd.conf), customized ssh (5678),
    # mail (25), dns (53), http (80), https (443) etc.
    $IPF 110 allow tcp from any to any 20-21 in
    $IPF 120 allow tcp from any to any 20-21 out
    $IPF 110 allow tcp from any to any 10000-50000 in
    $IPF 120 allow tcp from any to any 10000-50000 out

    # custom ssh port: change 5678 to match your own sshd_config
    $IPF 130 allow tcp from any to any 5678 in
    $IPF 140 allow tcp from any to any 5678 out

    $IPF 150 allow tcp from any to any 25 in
    $IPF 160 allow tcp from any to any 25 out
    $IPF 170 allow udp from any to any 53 in
    $IPF 175 allow tcp from any to any 53 in
    $IPF 180 allow udp from any to any 53 out
    $IPF 185 allow tcp from any to any 53 out
    $IPF 200 allow tcp from any to any 80 in
    $IPF 210 allow tcp from any to any 80 out
    $IPF 200 allow tcp from any to any 443 in
    $IPF 210 allow tcp from any to any 443 out

    # cPanel 11 (2082/2083 cPanel, 2086/2087 WHM, and the rest of the 2080-2090 block)
    $IPF 110 allow tcp from any to any 2080-2090 in
    $IPF 120 allow tcp from any to any 2080-2090 out

    # Red5
    $IPF 200 allow tcp from any to any 843 in
    $IPF 210 allow tcp from any to any 843 out
    $IPF 200 allow tcp from any to any 5080 in
    $IPF 210 allow tcp from any to any 5080 out
    $IPF 200 allow tcp from any to any 8443 in
    $IPF 210 allow tcp from any to any 8443 out
    $IPF 200 allow tcp from any to any 1935-1936 in
    $IPF 210 allow tcp from any to any 1935-1936 out
    $IPF 200 allow tcp from any to any 8088 in
    $IPF 210 allow tcp from any to any 8088 out
    $IPF 200 allow tcp from any to any 9035 in
    $IPF 210 allow tcp from any to any 9035 out
    $IPF 200 allow tcp from any to any 9999 in
    $IPF 210 allow tcp from any to any 9999 out

    # Shoutcast / Spanel
    $IPF 200 allow tcp from any to any 8000-9000 in
    $IPF 210 allow tcp from any to any 8000-9000 out
    $IPF 200 allow udp from any to any 8000-9000 in
    $IPF 210 allow udp from any to any 8000-9000 out

    # deny and log everything else (the "log" option only produces output
    # when the sysctl net.inet.ip.fw.verbose is set to 1)
    $IPF 500 deny log all from any to any
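The lockout the first post worries about is the one thing worth checking mechanically before a script like the above is loaded: is the SSH port actually allowed in, and is that allow rule numbered below the catch-all deny? The following pre-flight checker is an added example, not code from rfrayer's posts; it assumes the rule script uses the same `$IPF <number> <action> ...` convention as the rulesets in this thread, and the cut-down sample ruleset it writes is constructed for the demonstration. It also lists rule numbers that are reused, because ipfw evaluates same-numbered rules in insertion order and that is easy to lose track of in a long script.

```shell
#!/bin/sh
# Added example (not from the forum post): pre-flight checks for an ipfw rule
# script that follows the "$IPF <number> <action> ..." convention.

# check_ssh_allowed RULEFILE SSHPORT
# Exit 0 when an "allow tcp|all|ip ... <SSHPORT> in" rule exists and its number
# is below the first catch-all "deny ... from any to any"; exit 1 otherwise.
check_ssh_allowed() {
    awk -v port="$2" '
    # does a port spec such as "22", "20-21" or "80,443" cover port?
    function in_ports(spec, port,    n, parts, i, r, lo, hi) {
        n = split(spec, parts, ",")
        for (i = 1; i <= n; i++) {
            if (split(parts[i], r, "-") == 2) { lo = r[1] + 0; hi = r[2] + 0 }
            else { lo = parts[i] + 0; hi = lo }
            if (port + 0 >= lo && port + 0 <= hi) return 1
        }
        return 0
    }
    $1 == "$IPF" && $2 ~ /^[0-9]+$/ {
        num = $2 + 0
        i = 3
        action = $i; i++
        if ($i == "log") i++          # "deny log all ..." carries an option first
        proto = $i; i++
        dport = ""; dir = ""
        for (j = i; j <= NF; j++) {
            # in "to <addr> <ports>", the ports (if any) follow the address
            if ($j == "to" && $(j + 2) ~ /^[0-9,-]+$/) dport = $(j + 2)
            if ($j == "in" || $j == "out") dir = $j
        }
        # lowest-numbered rule that lets the SSH port in
        if (action == "allow" && (proto == "tcp" || proto == "all" || proto == "ip") &&
            dir != "out" && dport != "" && in_ports(dport, port)) {
            if (allow_num == "" || num < allow_num) allow_num = num
        }
        # lowest-numbered catch-all deny (no ports, any to any)
        if (action == "deny" && (proto == "all" || proto == "ip") && dport == "" &&
            $0 ~ / from any to any/) {
            if (deny_num == "" || num < deny_num) deny_num = num
        }
    }
    END {
        if (allow_num == "") { print "no inbound allow for tcp port " port; exit 1 }
        if (deny_num != "" && allow_num > deny_num) {
            print "ssh allow rule " allow_num " is ordered after catch-all deny " deny_num
            exit 1
        }
        print "ssh port " port " is let in by rule " allow_num
    }' "$1"
}

# list_duplicate_rule_numbers RULEFILE
# ipfw accepts repeated rule numbers; list them so the ordering can be reviewed.
list_duplicate_rule_numbers() {
    awk '$1 == "$IPF" && $2 ~ /^[0-9]+$/ { seen[$2]++ }
         END { for (n in seen) if (seen[n] > 1) print n }' "$1" | sort -n
}

# write_sample_ruleset FILE: a constructed, cut-down ruleset in the style of
# the post, used only for the demonstration run below.
write_sample_ruleset() {
    cat > "$1" <<'EOF'
IPF="ipfw -q add"
$IPF 10 allow all from any to any via lo0
$IPF 50 check-state
$IPF 60 allow tcp from any to any established
$IPF 70 allow all from any to any out keep-state
$IPF 110 allow tcp from any to any 20-21 in
$IPF 110 allow tcp from any to any 10000-50000 in
$IPF 130 allow tcp from any to any 5678 in
$IPF 200 allow tcp from any to any 80 in
$IPF 200 allow tcp from any to any 443 in
$IPF 500 deny log all from any to any
EOF
}

# Usage: sh ipfw_precheck.sh RULEFILE SSHPORT
# With no arguments, run the checks against the constructed sample instead.
if [ $# -eq 2 ]; then
    check_ssh_allowed "$1" "$2"
    list_duplicate_rule_numbers "$1"
else
    tmp=$(mktemp)
    write_sample_ruleset "$tmp"
    check_ssh_allowed "$tmp" 5678
    check_ssh_allowed "$tmp" 22 || echo "(expected: port 22 is not opened in the sample)"
    echo "duplicate rule numbers: $(list_duplicate_rule_numbers "$tmp" | tr '\n' ' ')"
    rm -f "$tmp"
fi
```

Run it as `sh ipfw_precheck.sh /path/to/rules.sh 5678` before executing the rule script itself; a non-zero exit means the SSH port would be closed or shadowed by the catch-all deny. The checker only reads the text of the script and never calls ipfw, so it is safe to run on any host, including one that is not the FreeBSD server.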
     