Issue with Firewall

[friv]

I'm glad we were able to help track that down!

Hello cPRex

I have some issue with firewall.

I have enabled native firewall for my server Centos 7 but now i can't have access to Cpanel and WHM.

So,i want to keep firewall to protect my server. What i must do to have again access to Cpanel and WHM and not to stop the firewall ?




Thanks

 

[cPRex]

Hey there! We have a guide on adjusting the firewall settings here:

How to Configure Your Firewall for cPanel & WHM Services | cPanel & WHM Documentation

This document lists the ports that cPanel & WHM uses, and which services use each of these ports, to allow you to better configure your firewall.

docs.cpanel.net

That page has a list of ports and which way the traffic needs to be opened in order for your system to work properly. Can you work through that and see if adjusting those settings gets things working?

 

[friv]

Hey there! We have a guide on adjusting the firewall settings here:

How to Configure Your Firewall for cPanel & WHM Services | cPanel & WHM Documentation

This document lists the ports that cPanel & WHM uses, and which services use each of these ports, to allow you to better configure your firewall.

docs.cpanel.net

That page has a list of ports and which way the traffic needs to be opened in order for your system to work properly. Can you work through that and see if adjusting those settings gets things working?

I realy appreciate your help with this link,but i have found solution for this.

I have just copied this in SSH and now i have access to Cpanel and WHM + firewall is active and running.:

sudo firewall-cmd --zone=public --add-port=1/tcp --permanent
sudo firewall-cmd --zone=public --add-port=20/tcp --permanent
sudo firewall-cmd --zone=public --add-port=21/tcp --permanent
sudo firewall-cmd --zone=public --add-port=22/tcp --permanent
sudo firewall-cmd --zone=public --add-port=25/tcp --permanent
sudo firewall-cmd --zone=public --add-port=26/tcp --permanent
sudo firewall-cmd --zone=public --add-port=37/tcp --permanent
sudo firewall-cmd --zone=public --add-port=43/tcp --permanent
sudo firewall-cmd --zone=public --add-port=53/tcp --permanent
sudo firewall-cmd --zone=public --add-port=53/udp --permanent
sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
sudo firewall-cmd --zone=public --add-port=110/tcp --permanent
sudo firewall-cmd --zone=public --add-port=113/tcp --permanent
sudo firewall-cmd --zone=public --add-port=143/tcp --permanent
sudo firewall-cmd --zone=public --add-port=443/tcp --permanent
sudo firewall-cmd --zone=public --add-port=465/tcp --permanent
sudo firewall-cmd --zone=public --add-port=465/udp --permanent
sudo firewall-cmd --zone=public --add-port=587/tcp --permanent
sudo firewall-cmd --zone=public --add-port=783/tcp --permanent
sudo firewall-cmd --zone=public --add-port=783/udp --permanent
sudo firewall-cmd --zone=public --add-port=873/tcp --permanent
sudo firewall-cmd --zone=public --add-port=873/udp --permanent
sudo firewall-cmd --zone=public --add-port=993/tcp --permanent
sudo firewall-cmd --zone=public --add-port=995/tcp --permanent
sudo firewall-cmd --zone=public --add-port=2703/tcp --permanent
sudo firewall-cmd --zone=public --add-port=2077/tcp --permanent
sudo firewall-cmd --zone=public --add-port=2078/tcp --permanent
sudo firewall-cmd --zone=public --add-port=2079/tcp --permanent
sudo firewall-cmd --zone=public --add-port=2080/tcp --permanent
sudo firewall-cmd --zone=public --add-port=2082/tcp --permanent
sudo firewall-cmd --zone=public --add-port=2083/tcp --permanent
sudo firewall-cmd --zone=public --add-port=2086/tcp --permanent
sudo firewall-cmd --zone=public --add-port=2087/tcp --permanent
sudo firewall-cmd --zone=public --add-port=2089/tcp --permanent
sudo firewall-cmd --zone=public --add-port=2095/tcp --permanent
sudo firewall-cmd --zone=public --add-port=2096/tcp --permanent
sudo firewall-cmd --zone=public --add-port=2195/tcp --permanent
sudo firewall-cmd --zone=public --add-port=3306/tcp --permanent
sudofirewall-cmd --zone=public --add-port=6277/tcp --permanent
sudo firewall-cmd --zone=public --add-port=6277/udp --permanent
sudo firewall-cmd --zone=public --add-port=24441/tcp --permanent
sudo firewall-cmd --zone=public --add-port=24441/udp --permanent



systemctl restart firewalld



Now, please i want to hear your opinion about this. Is this what i made safe? Did i open some ports where hackers can get in easily or no?


Thanks

 

[cPRex]

Those all look like normal ports to me - I wouldn't expect any of those to cause an issue. All the ports listed there are included in the documentation page I sent and are used for cPanel or supported tools.