Set iptables for firewall access/non-access?

lse, Active Member (May 5, 2016), Polis, Cyprus, cPanel Access Level: Root Administrator
cent os 6.7 vps cpanel
  • WHM 56.0 (build 16) cPanel VPS

What ways exist to set up iptables for firewall access/non-access?
Only SSH...? Can I edit /etc/sysconfig/iptables with a text editor?
Can it be done from cPanel, and if yes, how?
 

24x7server, Well-Known Member (Apr 17, 2013), India, cPanel Access Level: Root Administrator

lse, Active Member (May 5, 2016), Polis, Cyprus, cPanel Access Level: Root Administrator
If I want to allow LOCALHOST, HTTPD(S), DNS domain queries tcp/udp, FTP, ICMP, STATE, SSH, NTP
// INPUT/OUTPUT for all IPs
what do I have to enter? The equivalent is the shell script code below ... isn't it? Does SSH need input & output or only input?

Do I need to enter anything, or are these the defaults...? Also, are these OK for a web server only...?

Is there any case where I get locked out (cannot access), by a bad iptables configuration here, WHM >> Security Center >> Host Access Control,
for both cPanel and SSH?


Code:
# STEP 1 -- open the firewall first, then flush, so the reset itself cannot lock you out
iptables -P INPUT ACCEPT && iptables -P FORWARD ACCEPT && iptables -P OUTPUT ACCEPT
iptables --flush
service iptables save
cat /etc/sysconfig/iptables
service iptables restart

# STEP 2 -- allow only the listed services, then switch the default policies to DROP
# loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# ICMP in both directions
iptables -A INPUT -p icmp --icmp-type any -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type any -j ACCEPT

# STATE: replies to already-accepted connections, on INPUT *and* OUTPUT.
# Without the OUTPUT rule the OUTPUT DROP policy below discards the server's
# own SSH/HTTP replies and locks you out.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# DNS queries, inbound (nameserver) and outbound (resolver), tcp and udp
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT

# SSH: inbound only; the replies are covered by the ESTABLISHED rule above
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

# SMTP
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 25 -j ACCEPT

# POP3
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 110 -j ACCEPT

# HTTP / HTTPS
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT

# FTP control and active-mode data ports
iptables -A INPUT -p tcp --dport 20:21 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 20:21 -j ACCEPT

# NTP client (outbound only)
iptables -A OUTPUT -p udp --dport 123 -j ACCEPT

# default deny for everything not matched above
iptables -P INPUT DROP && iptables -P FORWARD DROP && iptables -P OUTPUT DROP

service iptables save
service iptables restart
 
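An added example, not from this thread or from cPanel: a POSIX shell script that writes the ruleset asked about above in the iptables-save format that CentOS 6 keeps in /etc/sysconfig/iptables (so the file can indeed be edited by hand), includes the stateful OUTPUT rule that the posted script lacks, and loads it with an automatic rollback so a bad rule cannot lock you out of SSH. The output path, the /tmp backup file and the 60-second timer are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). gen_rules writes the ruleset in the
# iptables-save format used by /etc/sysconfig/iptables on CentOS 6;
# apply_with_rollback loads it but restores the previous rules after a delay
# unless you cancel the timer. Assumed: path in $1, 60-second rollback.
gen_rules() {
  out="${1:-./iptables.rules}"
  cat > "$out" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# STATE: replies in both directions; the OUTPUT line is the one usually forgotten
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A OUTPUT -p icmp -j ACCEPT
# DNS: answer queries (INPUT) and resolve names (OUTPUT)
-A INPUT -p udp --dport 53 -j ACCEPT
-A INPUT -p tcp --dport 53 -j ACCEPT
-A OUTPUT -p udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp --dport 53 -j ACCEPT
# SSH needs only an INPUT rule for new connections; replies match ESTABLISHED
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
# SMTP, POP3, HTTP, HTTPS, FTP (passive FTP data also needs nf_conntrack_ftp loaded)
-A INPUT -p tcp -m multiport --dports 25,110,80,443,20,21 -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 25,110,80,443,20,21 -j ACCEPT
-A OUTPUT -p udp --dport 123 -j ACCEPT
COMMIT
EOF
}

# Number of -A rules in a generated file (sanity check before loading).
rule_count() { grep -c '^-A ' "$1"; }

# Load the file but keep the old rules for 60 seconds; if your session still
# works, "kill <pid>" cancels the rollback, then "service iptables save".
apply_with_rollback() {
  iptables-save > /tmp/iptables.before
  ( sleep 60; iptables-restore < /tmp/iptables.before ) &
  echo "rollback pid $!"
  iptables-restore < "$1"
}

if [ "${1:-}" = "--apply" ]; then
  gen_rules /tmp/iptables.new && apply_with_rollback /tmp/iptables.new
fi
```

Run it as root with --apply to load the rules with the rollback timer; without arguments it only defines the functions.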

lse, Active Member (May 5, 2016), Polis, Cyprus, cPanel Access Level: Root Administrator
What do I insert below... and how do I deny all others...?

Code:
#  Home >> Security Center >> Host Access Control  ||  CENTOS 6.7 x86_64 WHM 56.0 (build 18)
Daemon       Access List    Action    Comment
localhost    ALL            allow
ICMP
STATE
DNS
SSHD
SMTP
POP
HTTPD
HTTPSD
FTPD