Set iptables for firewall access/non-access?

Discussion in 'Security' started by lse, May 21, 2016.

  1. lse

    lse Active Member

    Joined:
    May 5, 2016
    Messages:
    39
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Polis, Cyprus
    cPanel Access Level:
    Root Administrator
    CentOS 6.7 VPS cPanel
    • WHM 56.0 (build 16) cPanel VPS

    What ways exist to set iptables for firewall access/non-access?
    Only SSH...? Can I edit /etc/sysconfig/iptables with a text editor?
    Can it be done from cPanel, and if yes, how?
     
  2. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,145
    Likes Received:
    34
    Trophy Points:
    48
    Location:
    India
    cPanel Access Level:
    Root Administrator
  3. lse

    If I want to allow LOCALHOST, HTTPD(S), DNS domain queries tcp/udp, FTP, ICMP, STATE, SSH, NTP
    // INPUT/OUTPUT FOR ALL IPs
    what do I have to enter? The equivalent is the shell script code below... isn't it? Does SSH need input & output, or only input?

    Do I need to enter anything, or are these defaults...? Also, are these OK for a web server only...?

    Is there any case of being locked out (cannot access) by a bad iptables configuration here, WHM >> Security Center >> Host Access Control,
    for both cPanel and SSH?


    Code:
    # STEP 1
    
    iptables --flush
    
    iptables -P INPUT ACCEPT && iptables -P FORWARD ACCEPT && iptables -P OUTPUT ACCEPT
    
    service iptables save
    
    cat /etc/sysconfig/iptables
    
    service iptables restart
    
    
    # STEP 2
    
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT
    
    iptables -A INPUT -p icmp --icmp-type any -j ACCEPT
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    
    iptables -A INPUT -p tcp --dport 53 -j ACCEPT
    iptables -A INPUT -p udp --dport 53 -j ACCEPT
    
    iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
    
    iptables -A INPUT -p tcp --dport 25 -j ACCEPT
    iptables -A OUTPUT -p tcp --dport 25 -j ACCEPT
    
    iptables -A INPUT -p tcp --dport 110 -j ACCEPT
    iptables -A OUTPUT -p tcp --dport 110 -j ACCEPT
    
    iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
    iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    
    iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
    iptables -A INPUT -p tcp --dport 443 -j ACCEPT
    
    iptables -A OUTPUT -p tcp --dport 20:21 -j ACCEPT
    iptables -A INPUT -p tcp --dport 20:21 -j ACCEPT
    
    iptables -A OUTPUT -p udp --dport 123 -j ACCEPT
    
    iptables -P INPUT DROP && iptables -P FORWARD DROP && iptables -P OUTPUT DROP
    
    service iptables save
    
    service iptables restart
    
     
    #3 lse, May 22, 2016
    Last edited: May 23, 2016
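Added example, not part of the thread and not cPanel's own code: the service list from the post above written in iptables-save format, with a check that a ruleset accepts a port inbound and also lets its replies leave. With the OUTPUT policy set to DROP, replies from sshd need an OUTPUT rule of their own (by state or by source port), otherwise the session is cut off. The function names, the temporary file and the 2083/2087 (cPanel/WHM over SSL) ports are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). iptables-save format, as stored in
# /etc/sysconfig/iptables on CentOS 6. Function names are hypothetical.

# Services from the post, default DROP. 2083/2087 (cPanel/WHM SSL) are an
# assumption added here; the post did not list them.
build_ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 20,21,25,53,80,110,443,2083,2087 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p udp -m multiport --dports 53,123 -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 25,53,80,443 -j ACCEPT
COMMIT
EOF
}

# Return 0 if TCP port $2 is accepted inbound by ruleset file $1 and its
# replies can leave. Port ranges such as 20:21 are not expanded.
replies_allowed() {
    file=$1 port=$2
    # Inbound: an INPUT rule must accept the port (--dport or --dports list).
    grep -Eq -- "^-A INPUT .*-p tcp .*--dports? ([0-9:,]*,)?${port}(,| ).*-j ACCEPT" "$file" || return 1
    # Outbound: the OUTPUT policy is ACCEPT ...
    grep -q '^:OUTPUT ACCEPT' "$file" && return 0
    # ... or replies are matched by connection state ...
    grep -Eq -- '^-A OUTPUT .*--state [A-Z,]*ESTABLISHED.* -j ACCEPT' "$file" && return 0
    # ... or by an explicit source-port rule.
    grep -Eq -- "^-A OUTPUT .*-p tcp .*--sport ${port} .*-j ACCEPT" "$file"
}

# Lint the generated ruleset for the two management ports before loading it.
f=$(mktemp) && build_ruleset > "$f"
for p in 22 2087; do
    replies_allowed "$f" "$p" && echo "port $p: reachable" || echo "port $p: LOCKOUT"
done
rm -f "$f"
```

On the server, `iptables-restore --test < file` parses a ruleset in this format without committing it.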
  4. lse

    What do I insert below... and how do I deny all others...?

    Code:
    #  Home >> Security Center >> Host Access Control     ||     CENTOS 6.7 x86_64 WHM 56.0 (build 18)
    Daemon                 Access List         Action         Comment
    localhost                    ALL                allow
    ICMP
    STATE
    DNS
    SSHD
    SMTP
    POP
    HTTPD
    HTTPSD
    FTPD 
    
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,675
    Likes Received:
    647
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  6. lse

    Is this something to install on the server?
    Is it a CLI?
    Or is it a web-based GUI?

    Must I give my server password?
     
  7. cPanelMichael
