
one powerfall firewall installation?

Discussion in 'General Discussion' started by chadi, Apr 20, 2004.

  1. chadi

    chadi BANNED

    Joined:
    Apr 20, 2004
    Messages:
    415
    Likes Received:
    0
    Trophy Points:
    0
    I need to install one mighty safe and sound firewall on my server (cpanel / rhe) via ssh. Please, someone knowledgeable, give me instructions in plain English on how to do this via ssh.

    I'm very much a newbie to this, so please explain in simple detail. I would truly appreciate this.
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
  3. eth00

    eth00 Well-Known Member
    PartnerNOC

    Joined:
    Mar 30, 2003
    Messages:
    723
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    NC
    cPanel Access Level:
    Root Administrator
    My vote is with APF as well, great firewall script!
     
  4. chadi

    chadi BANNED

    Joined:
    Apr 20, 2004
    Messages:
    415
    Likes Received:
    0
    Trophy Points:
    0
    How can you test it to see if it works or not?
     
  5. chadi

    chadi BANNED

    Joined:
    Apr 20, 2004
    Messages:
    415
    Likes Received:
    0
    Trophy Points:
    0
    Anyone know?
     
  6. eth00

    eth00 Well-Known Member
    PartnerNOC

    Joined:
    Mar 30, 2003
    Messages:
    723
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    NC
    cPanel Access Level:
    Root Administrator
    iptables -L

    If that shows a lot of stuff, then the firewall is working. As far as testing, you could run a port scan on your server, but be careful, as some ISPs really frown upon that.
     
  7. chadi

    chadi BANNED

    Joined:
    Apr 20, 2004
    Messages:
    415
    Likes Received:
    0
    Trophy Points:
    0
    What exactly is "a lot of stuff"? Can you give me a line example?

    Also, how do I do a port scan via ssh?
     
  8. chadi

    chadi BANNED

    Joined:
    Apr 20, 2004
    Messages:
    415
    Likes Received:
    0
    Trophy Points:
    0
    Anyone know how I can do a port scan via ssh?
     
  9. SarcNBit

    SarcNBit Well-Known Member

    Joined:
    Oct 14, 2003
    Messages:
    1,010
    Likes Received:
    3
    Trophy Points:
    38
    Huh? You want to know locally what ports you are listening on? You can check your services file.
     
  10. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Well, the services file is just a map of ports to services; it doesn't really have anything to do with what's open and what isn't. You can have ports open that aren't in the file and ports not used that are.

    The easy way to tell whether an iptables file is working is to simply look at its output:

    iptables -L -n | more
     
  11. SarcNBit

    SarcNBit Well-Known Member

    Joined:
    Oct 14, 2003
    Messages:
    1,010
    Likes Received:
    3
    Trophy Points:
    38
    True :rolleyes: I wasn't thinking about default installs.

    The best way to do a port scan locally would be to install and run nmap:

    nmap -sT -O localhost
     
  12. chadi

    chadi BANNED

    Joined:
    Apr 20, 2004
    Messages:
    415
    Likes Received:
    0
    Trophy Points:
    0
    Can you give me an example of what I should see to recognize that iptables is properly installed and working?

    Yes, I'm that much of a newbie

    :D
     
  13. eth00

    eth00 Well-Known Member
    PartnerNOC

    Joined:
    Mar 30, 2003
    Messages:
    723
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    NC
    cPanel Access Level:
    Root Administrator
    If it is not working it will show 6 lines. If iptables is set up it will scroll through hundreds (literally).
     
  14. chadi

    chadi BANNED

    Joined:
    Apr 20, 2004
    Messages:
    415
    Likes Received:
    0
    Trophy Points:
    0
    I didn't see "hundreds" but maybe about 40-50 lines. Is that normal?
     
  15. eth00

    eth00 Well-Known Member
    PartnerNOC

    Joined:
    Mar 30, 2003
    Messages:
    723
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    NC
    cPanel Access Level:
    Root Administrator
    Did you turn dev mode off? The 50-60 lines are what cPanel uses for bandwidth monitoring.

    apf -s

    Make sure to start apf as well.
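    An added example, not from this thread, that sorts an `iptables -L -n` listing into the cases eth00 describes (a near-empty table, accounting-only rules that block nothing, or a real filtering rule set); the listings inside it are constructed samples, not captures from a server:

```shell
#!/bin/sh
# Added example (not from the thread): sort `iptables -L -n` output into the cases
# eth00 describes: the near-empty listing of an unconfigured table, a few dozen
# accounting-only rules that block nothing, or a rule set that drops/rejects traffic.
# The listings below are constructed samples, not captured from a real server.
SAMPLE_EMPTY='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# Accounting rules have an empty target column: they count packets, nothing more.
SAMPLE_ACCOUNTING="$SAMPLE_EMPTY
Chain acctboth (2 references)
target     prot opt source               destination
           tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
           tcp  --  0.0.0.0/0            0.0.0.0/0            tcp spt:80"

SAMPLE_FILTERING='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable'

# Reads a listing on stdin; on a live box: iptables -L -n | classify_iptables
classify_iptables() {
    rules=0; drops=0
    while IFS= read -r line; do
        case "$line" in
            ""|Chain\ *|target\ *) continue ;;          # blanks and headers are not rules
            DROP\ *|REJECT\ *) drops=$((drops + 1)) ;;  # a rule that actually blocks
        esac
        rules=$((rules + 1))
    done
    if [ "$rules" -eq 0 ]; then echo "empty: no rules, the firewall is not loaded"
    elif [ "$drops" -eq 0 ]; then echo "accounting-only: $rules rules, nothing is blocked"
    else echo "filtering: $rules rules, $drops of them DROP/REJECT"; fi
}

for s in "$SAMPLE_EMPTY" "$SAMPLE_ACCOUNTING" "$SAMPLE_FILTERING"; do
    printf '%s\n' "$s" | classify_iptables
done
```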
     
  16. chadi

    chadi BANNED

    Joined:
    Apr 20, 2004
    Messages:
    415
    Likes Received:
    0
    Trophy Points:
    0
    OK, here's the thing with the link provided (first reply - webhostgear.com....)

    # Common ingress (inbound) ports
    # Common ingress (inbound) TCP ports - 30000_35000 = passive port range for Pure-FTPd
    IG_TCP_CPORTS="21,22,25,53,80,110,143,443,2082,2083,2086,2087,2095,2096,30000_35000"
    #
    # Common ingress (inbound) UDP ports
    IG_UDP_CPORTS="53"

    # Common egress (outbound) ports
    # Common egress (outbound) TCP ports
    EG_TCP_CPORTS="21,25,80,443,43"
    #
    # Common egress (outbound) UDP ports
    EG_UDP_CPORTS="20,21,53"

    Do I copy the entire section (inbound, paste, then the same for outbound)? Because it seems to use more than a line and just returns me to root after I press Enter.
     
  17. eth00

    eth00 Well-Known Member
    PartnerNOC

    Joined:
    Mar 30, 2003
    Messages:
    723
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    NC
    cPanel Access Level:
    Root Administrator
    No, you don't type it in the console; you put it in the /etc/apf/conf.apf config file.
     
  18. chadi

    chadi BANNED

    Joined:
    Apr 20, 2004
    Messages:
    415
    Likes Received:
    0
    Trophy Points:
    0
    That's weird.. it doesn't say that on the page.
     
  19. chadi

    chadi BANNED

    Joined:
    Apr 20, 2004
    Messages:
    415
    Likes Received:
    0
    Trophy Points:
    0
    OK, I see now.. but where exactly do I add these lines in the file? Just add the entire thing at the end?
     
  20. eth00

    eth00 Well-Known Member
    PartnerNOC

    Joined:
    Mar 30, 2003
    Messages:
    723
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    NC
    cPanel Access Level:
    Root Administrator
    True, step 7 does not say to stay in conf.apf, but it does not say to leave it either. Most people look at the config and would associate them together. Anyway, if you look in conf.apf you will see that exact ports section.
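    An added example (not from the thread, and not APF's own code) of editing the existing *_CPORTS lines in place, the way eth00 says the section is already there in conf.apf, after checking the value has the comma-separated, space-free syntax shown above; it works on a constructed copy of the file, so nothing under /etc/apf is touched:

```shell
#!/bin/sh
# Added example (not from the thread or from APF): replace an existing *_CPORTS line
# in conf.apf in place rather than pasting the section at the end, after checking the
# value uses the syntax APF expects (comma-separated ports or low_high ranges, no spaces).
# It runs on a constructed copy of the file, so nothing under /etc/apf is touched.

valid_cports() {   # valid_cports "21,22,30000_35000"
    case "$1" in
        ""|*[!0-9_,]*|*,,*|,*|*,|*_,*|*,_*) return 1 ;;   # spaces, stray commas, bad ranges
    esac
    return 0
}

set_cports() {     # set_cports FILE VARNAME VALUE
    valid_cports "$3" || { echo "bad port list: $3" >&2; return 1; }
    grep -q "^$2=" "$1" || { echo "$2 not found in $1" >&2; return 1; }
    sed "s/^$2=.*/$2=\"$3\"/" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

CONF=$(mktemp)     # constructed stand-in for /etc/apf/conf.apf
cat > "$CONF" <<'EOF'
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="22,80"
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS=""
EOF

set_cports "$CONF" IG_TCP_CPORTS \
    "21,22,25,53,80,110,143,443,2082,2083,2086,2087,2095,2096,30000_35000"
set_cports "$CONF" IG_UDP_CPORTS "53"
grep '_CPORTS=' "$CONF"     # shows the two rewritten lines
rm -f "$CONF"
```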
     