Set iptables for firewall access/non-access?

[lse]

cent os 6.7 vps cpanel

• WHM 56.0 (build 16) cPanel VPS

What ways exist set iptables for firewall access/non-access?
Only ssh...? Can edit /etc/sysconfig/iptables with an text editor?
Can be done from cPanel, if yes how?

 

[24x7server]

Hello ,

Yes, You can do this with host access control through WHM >> Security Center >> Host Access Control

Host Access Control - Documentation - cPanel Documentation

 

[lse]

if want allow LOCALHOST, HTTPD(S), DNS domain queries tcp/udp, FTP, ICMP, STATE, SSH, NTP
// INPUT/OUTPUT FOR ALL IPs
what have to enter? THE EQUIVALENT IS BELOW Sell Script CODE ... isn't it? SSH needed input & output or only input?

needed to enter anything or these are defaults...? Also these are OK for a web server only...?

Exist any case logout (cannot access) , by bad iptables configuration here WHM >> Security Center >> Host Access Control
both cpanel and ssh?

# STEP 1

iptables --flush

iptables -P INPUT ACCEPT && iptables -P FORWARD ACCEPT && iptables -P OUTPUT ACCEPT

service iptables save

cat /etc/sysconfig/iptables

service iptables restart


# STEP 2

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

iptables -A INPUT -p icmp --icmp-type any -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT

iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 25 -j ACCEPT

iptables -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 110 -j ACCEPT

iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT

iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

iptables -A OUTPUT -p tcp --dport 20:21 -j ACCEPT
iptables -A INPUT -p tcp --dport 20:21 -j ACCEPT

iptables -A OUTPUT -p udp --dport 123 -j ACCEPT

iptables -P INPUT DROP && iptables -P FORWARD DROP && iptables -P OUTPUT DROP

service iptables save

service iptables restart

 

[lse]

What to insert below...and how deny all others...?

#  Home >> Security Center >> Host Access Control     ||     CENTOS 6.7 x86_64 WHM 56.0 (build 18)
Daemon                 Access List         Action         Comment
localhost                    ALL                allow
ICMP
STATE
DNS
SSHD
STMP
POP
HTTPD
HTTPSD
FTPD

 

[cPanelMichael]

Hello,

I suggest using a third-party firewall management utility such as CSF:

ConfigServer Security & Firewall

Thank you.

 

[lse]

this is something install on server?
is CLI?
Or is WEB BASED GUI?

I must give my server password?

 

[cPanelMichael]

It's a third-party firewall management utility. Installation instructions are available at:

Firewall Configuration - CSF

Thank you.