ipf cpanel advice needed

rfrayer · Sep 12, 2011

Hi im new to FreeBSD and was wondering if anyone who has experiance could take a look at my rules before i use em and end up possibly locking myself out of my server and let me know it it looks like it will work

Code:

IPF="ipfw -q add"
ipfw -q -f flush

#loopback
$IPF 10 allow all from any to any via lo0
$IPF 20 deny all from any to 127.0.0.0/8
$IPF 30 deny all from 127.0.0.0/8 to any
$IPF 40 deny tcp from any to any frag

# statefull
$IPF 50 check-state
$IPF 60 allow tcp from any to any established
$IPF 70 allow all from any to any out keep-state
$IPF 80 allow icmp from any to any

# open port ftp (20,21), Customized ssh (5678), mail (25)
# http (80), dns (53) etc
$IPF 110 allow tcp from any to any 20-21 in
$IPF 120 allow tcp from any to any 20-21 out
$IPF 110 allow tcp from any to any 30000-50000 in
$IPF 120 allow tcp from any to any 30000-50000 out
#Custom ssh port
$IPF 130 allow tcp from any to any 5678 in
$IPF 140 allow tcp from any to any 5678 out
$IPF 150 allow tcp from any to any 25 in
$IPF 160 allow tcp from any to any 25 out
$IPF 170 allow udp from any to any 53 in
$IPF 175 allow tcp from any to any 53 in
$IPF 180 allow udp from any to any 53 out
$IPF 185 allow tcp from any to any 53 out
$IPF 200 allow tcp from any to any 80 in
$IPF 210 allow tcp from any to any 80 out

# cpanel 11
$IPF 110 allow tcp from any to any 2086 in
$IPF 120 allow tcp from any to any 2086 out
$IPF 110 allow tcp from any to any 2082 in
$IPF 120 allow tcp from any to any 2082 out

# Red5
$IPF 200 allow tcp from any to any 843 in
$IPF 210 allow tcp from any to any 843 out
$IPF 200 allow tcp from any to any 5080 in
$IPF 210 allow tcp from any to any 5080 out
$IPF 200 allow tcp from any to any 8443 in
$IPF 210 allow tcp from any to any 8443 out
$IPF 200 allow tcp from any to any 1935-1936 in
$IPF 210 allow tcp from any to any 1935-1936 out
$IPF 200 allow tcp from any to any 8088 in
$IPF 210 allow tcp from any to any 8088 out
$IPF 200 allow tcp from any to any 9035 in
$IPF 210 allow tcp from any to any 9035 out
$IPF 200 allow tcp from any to any 9999 in
$IPF 210 allow tcp from any to any 9999 out

# Shoutcast Spanel
$IPF 200 allow tcp from any to any 8000-9000 in
$IPF 210 allow tcp from any to any 8000-9000 out
$IPF 200 allow udp from any to any 8000-9000 in
$IPF 210 allow udp from any to any 8000-9000 out

# deny and log everything
$IPF 500 deny log all from any to any

rfrayer · Sep 14, 2011

woot got it working great had to manually go into proftpd's config and enable passive ports but after that smooth sailing did a few adjustments so dont use the first config use this one oh and i customized my ssh ports so you will need to edit to match your freebsd server whome ever wants to use this as a template example

IPF="ipfw -q add"
ipfw -q -f flush

#loopback
$IPF 10 allow all from any to any via lo0
$IPF 20 deny all from any to 127.0.0.0/8
$IPF 30 deny all from 127.0.0.0/8 to any
$IPF 40 deny tcp from any to any frag

# statefull
$IPF 50 check-state
$IPF 60 allow tcp from any to any established
$IPF 70 allow all from any to any out keep-state
$IPF 80 allow icmp from any to any

# open port ftp (20,21), Customized ssh (5678), mail (25)
# http (80), dns (53) etc
$IPF 110 allow tcp from any to any 20-21 in
$IPF 120 allow tcp from any to any 20-21 out
$IPF 110 allow tcp from any to any 10000-50000 in
$IPF 120 allow tcp from any to any 10000-50000 out

#Custom ssh port
$IPF 130 allow tcp from any to any 5678 in
$IPF 140 allow tcp from any to any 5678 out

$IPF 150 allow tcp from any to any 25 in
$IPF 160 allow tcp from any to any 25 out
$IPF 170 allow udp from any to any 53 in
$IPF 175 allow tcp from any to any 53 in
$IPF 180 allow udp from any to any 53 out
$IPF 185 allow tcp from any to any 53 out
$IPF 200 allow tcp from any to any 80 in
$IPF 210 allow tcp from any to any 80 out
$IPF 200 allow tcp from any to any 443 in
$IPF 210 allow tcp from any to any 443 out
# cpanel 11
$IPF 110 allow tcp from any to any 2080-2090 in
$IPF 120 allow tcp from any to any 2080-2090 out

# Red5
$IPF 200 allow tcp from any to any 843 in
$IPF 210 allow tcp from any to any 843 out
$IPF 200 allow tcp from any to any 5080 in
$IPF 210 allow tcp from any to any 5080 out
$IPF 200 allow tcp from any to any 8443 in
$IPF 210 allow tcp from any to any 8443 out
$IPF 200 allow tcp from any to any 1935-1936 in
$IPF 210 allow tcp from any to any 1935-1936 out
$IPF 200 allow tcp from any to any 8088 in
$IPF 210 allow tcp from any to any 8088 out
$IPF 200 allow tcp from any to any 9035 in
$IPF 210 allow tcp from any to any 9035 out
$IPF 200 allow tcp from any to any 9999 in
$IPF 210 allow tcp from any to any 9999 out

# Shoutcast Spanel
$IPF 200 allow tcp from any to any 8000-9000 in
$IPF 210 allow tcp from any to any 8000-9000 out
$IPF 200 allow udp from any to any 8000-9000 in
$IPF 210 allow udp from any to any 8000-9000 out

# deny and log everything
$IPF 500 deny log all from any to any

Thread starter	Similar threads	Forum	Replies	Date
	Scanning Zipfiles with AV	Security	3	Jun 19, 2019
A	Cp-Wrap[1055]: Pushing "547 CHECKDOMAINIPFORSSL...	Security	1	Jun 25, 2012
R	ipfw cpanel	Security	0	Sep 12, 2011
H	How to Block Port 25 Spam in FreeBSD IPFW	Security	0	Mar 5, 2010
D	IPFW firewall rules for Cpanel on FreeBSD server	Security	16	Dec 5, 2004

Search

Search

ipf cpanel advice needed

rfrayer

Registered

rfrayer

Registered