About iptables and firewalld
Hello
I'm new to this forum.
I installed cPanel on my CentOS 7 server.
Now I want to install a firewall. Which is the best, iptables or firewalld?
What are the ports that I have to open?
Do I have to open all these ports?
20 TCP/UDP FTP data
21 TCP/UDP FTP command
22 TCP/UDP SSH (Secure Shell)
25 TCP SMTP (Simple Mail Transfer Protocol)
53 TCP/UDP DNS (Domain Name System)
80 TCP/UDP HTTP (Hypertext Transfer Protocol)
110 TCP POP3 (Post Office Protocol v3)
143 TCP IMAP (Internet Message Access Protocol)
443 TCP HTTPS (Hypertext Transfer Protocol over SSL/TLS)
465 TCP SMTP over SSL
993 TCP IMAPS (Internet Message Access Protocol over SSL)
995 TCP POP3S (Post Office Protocol 3 over TLS/SSL)
2077 TCP Webdisk (cPanel Specific)
2078 TCP Webdisk with SSL (cPanel Specific)
2082 TCP CPanel default (cPanel Specific)
2083 TCP CPanel default SSL (cPanel Specific)
2086 TCP WHM (cPanel Specific)
2087 TCP WHM with SSL (cPanel Specific)
2095 TCP CPanel Web mail (cPanel Specific)
2096 TCP CPanel Web mail with SSL (cPanel Specific)
Thank you
-
Really firewalld is just a way to manage iptables. We normally remove firewalld and install CSF, which is another way to manage firewall rules, and it integrates with WHM and has a ton of nice features. 0 -
While personally I agree with @GOT, as this is what I do on my own servers, our recommendations officially are noted here: How to Configure Your Firewall for cPanel & WHM Services | cPanel & WHM Documentation 0 -
Really firewalld is just a way to manage iptables. We normally remove firewalld and install CSF, which is another way to manage firewall rules, and it integrates with WHM and has a ton of nice features.
Thank you. You remove firewalld; what about iptables? 0 -
Like many others, we use CSF. The main advantage (other than that it's easy to set up the ports you want open) is LFD, or login failure daemon. LFD watches various logs (SMTP, POP, IMAP, FTP etc.) and will add rules to block IPs if they have repeated login failures over a brief period. While it sometimes gets clients, it usually blocks brute force login attempts. 0 -
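The idea described in the comment above (count login failures per IP over a brief period and flag the IP for blocking) can be sketched as follows. This is an added example, not code from CSF/LFD or from any poster; the log format, the threshold of 5 failures in 60 seconds, the allowlist parameter and all function names are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a simplified format (not a real daemon's log format).
SAMPLE_LOG = """\
2024-05-01T10:00:00 imap auth-failed ip=203.0.113.5
2024-05-01T10:00:05 ftp auth-failed ip=203.0.113.5
2024-05-01T10:00:09 smtp auth-ok ip=198.51.100.7
2024-05-01T10:00:12 pop3 auth-failed ip=203.0.113.5
2024-05-01T10:00:20 imap auth-failed ip=198.51.100.7
2024-05-01T10:00:31 imap auth-failed ip=203.0.113.5
2024-05-01T10:00:40 smtp auth-failed ip=203.0.113.5
2024-05-01T10:20:00 imap auth-failed ip=198.51.100.7
2024-05-01T10:40:00 imap auth-failed ip=198.51.100.7
""".splitlines()

def parse(line):
    """Return (timestamp, ip) for a failure line, or None for anything else."""
    parts = line.split()
    if len(parts) != 4 or parts[2] != "auth-failed" or not parts[3].startswith("ip="):
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None  # malformed timestamp: skip rather than crash the watcher
    return ts, parts[3][3:]

def find_offenders(lines, threshold=5, window=timedelta(seconds=60), allow=()):
    """Map each IP to the time it reached `threshold` failures within `window`."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    blocked = {}
    for line in lines:
        hit = parse(line)
        if hit is None:
            continue
        ts, ip = hit
        if ip in allow or ip in blocked:
            continue  # allowlisted clients are never flagged; flag each IP once
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()  # drop failures that have aged out of the window
        if len(q) >= threshold:
            blocked[ip] = ts
    return blocked

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"would block {ip} at {when.isoformat()}")
```

The `allow` parameter covers the case the comment mentions, where a legitimate client with a misconfigured mail program trips the threshold.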
Thank you. You remove firewalld; what about iptables?
I'm not sure I understand this question. CSF manages IPTables; it is not a standalone replacement for it. 0