Set iptables for firewall access/non-access?

Discussion in 'Security' started by lse, May 21, 2016.

  1. lse

    lse Active Member

    Joined:
    May 5, 2016
    Messages:
    39
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Polis, Cyprus
    cPanel Access Level:
    Root Administrator
    CentOS 6.7 VPS, cPanel
    • WHM 56.0 (build 16) cPanel VPS

    What ways exist to set iptables for firewall access/non-access?
    Only SSH...? Can I edit /etc/sysconfig/iptables with a text editor?
    Can it be done from cPanel? If yes, how?
     
  2. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,888
    Likes Received:
    90
    Trophy Points:
    78
    Location:
    India
    cPanel Access Level:
    Root Administrator
  3. lse

    If I want to allow LOCALHOST, HTTPD(S), DNS domain queries tcp/udp, FTP, ICMP, STATE, SSH, NTP
    // INPUT/OUTPUT FOR ALL IPs
    what do I have to enter? THE EQUIVALENT IS the Shell Script CODE BELOW ... isn't it? Does SSH need input & output, or only input?

    Do I need to enter anything, or are these defaults...? Also, are these OK for a web server only...?

    Is there any case of logout (cannot access) caused by a bad iptables configuration here, WHM >> Security Center >> Host Access Control,
    for both cPanel and SSH?


    Code:
    # STEP 1
    
    iptables --flush
    
    iptables -P INPUT ACCEPT && iptables -P FORWARD ACCEPT && iptables -P OUTPUT ACCEPT
    
    service iptables save
    
    cat /etc/sysconfig/iptables
    
    service iptables restart
    
    
    # STEP 2
    
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT
    
    iptables -A INPUT -p icmp --icmp-type any -j ACCEPT
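    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Replies on connections accepted above must be allowed back out, because the OUTPUT policy is set to DROP below
    iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT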
    
    iptables -A INPUT -p tcp --dport 53 -j ACCEPT
    iptables -A INPUT -p udp --dport 53 -j ACCEPT
    
    iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
    
    iptables -A INPUT -p tcp --dport 25 -j ACCEPT
    iptables -A OUTPUT -p tcp --dport 25 -j ACCEPT
    
    iptables -A INPUT -p tcp --dport 110 -j ACCEPT
    iptables -A OUTPUT -p tcp --dport 110 -j ACCEPT
    
    iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
    iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    
    iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
    iptables -A INPUT -p tcp --dport 443 -j ACCEPT
    
    iptables -A OUTPUT -p tcp --dport 20:21 -j ACCEPT
    iptables -A INPUT -p tcp --dport 20:21 -j ACCEPT
    
    iptables -A OUTPUT -p udp --dport 123 -j ACCEPT
    
    iptables -P INPUT DROP && iptables -P FORWARD DROP && iptables -P OUTPUT DROP
    
    service iptables save
    
    service iptables restart
    
     
    #3 lse, May 22, 2016
    Last edited: May 23, 2016
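The lockout case asked about in the post above can be checked on a saved ruleset before it is loaded. This is an added example, not part of the original thread or of cPanel's tooling: `lockout_risks` is a hypothetical helper, and the sample ruleset is constructed.

```shell
#!/bin/sh
# Added example: lint a saved ruleset for the ways a default-DROP firewall
# can cut off the administrator's own access.

# Constructed sample in /etc/sysconfig/iptables (iptables-save) format:
# DROP policies, SSH accepted inbound, but nothing lets replies back out.
sample_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# lockout_risks (hypothetical helper): reads a ruleset on stdin and prints
# one finding per line; prints nothing when no lockout case is detected.
lockout_risks() {
  rules=$(cat)
  has() { printf '%s\n' "$rules" | grep -Eq -e "$1"; }
  state='--(state|ctstate) [A-Z,]*ESTABLISHED[A-Z,]* .*-j ACCEPT'
  if has '^:INPUT DROP'; then
    has '^-A INPUT .*--dport 22 .*-j ACCEPT' ||
      echo "INPUT: policy DROP and no rule accepts tcp/22 (sshd)"
    has '^-A INPUT .*-i lo .*-j ACCEPT' ||
      echo "INPUT: policy DROP and loopback traffic is not accepted"
  fi
  if has '^:OUTPUT DROP'; then
    has "^-A OUTPUT .*$state" || has '^-A OUTPUT .*--sport 22 .*-j ACCEPT' ||
      echo "OUTPUT: policy DROP and replies from sshd (source port 22) are not accepted"
    has '^-A OUTPUT .*-o lo .*-j ACCEPT' ||
      echo "OUTPUT: policy DROP and loopback traffic is not accepted"
  fi
  return 0
}

# Run the lint over the constructed sample.
sample_rules | lockout_risks
```

The check matches rule text only; it does not evaluate rule order or source-address restrictions, so a clean result is not proof that access is preserved.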
  4. lse

    What should I insert below... and how do I deny all others...?

    Code:
    #  Home >> Security Center >> Host Access Control     ||     CENTOS 6.7 x86_64 WHM 56.0 (build 18)
    Daemon                 Access List         Action         Comment
    localhost                    ALL                allow
    ICMP
    STATE
    DNS
    SSHD
    SMTP
    POP
    HTTPD
    HTTPSD
    FTPD 
    
     
  5. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,442
    Likes Received:
    1,961
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
  6. lse

    Is this something to install on the server?
    Is it CLI?
    Or is it a WEB BASED GUI?

    Must I give my server password?
     
  7. cPanelMichael
