firewalld.service = Active: inactive
regards,
After we install cPanel + CSF we run
systemctl status firewalld
with result
[root@todo ~]# systemctl status firewalld
● firewalld.service
   Loaded: masked (/dev/null; bad)
   Active: inactive (dead)
[root@todo ~]#
Does my server really not have a firewall running? If no, does this mean my server is TOTALLY INSECURE? If yes, why does CentOS 7 reply inactive (dead)? Thanks for your help.
firewalld is not the same as CSF. I would suggest you run
yum remove firewalld*
You can check the status of csf with
csf -s
Thanks @GOT, please have patience with me: it is not clear. I am in a panic! Does my server have some firewall running? Or is my server very insecure (because the firewall is OFF)?
firewalld SHOULD be off. firewalld is NOT csf. firewalld should be removed; if it was running it would fight with csf.
Thanks master @GOT. Then how do I open a port on this server (CentOS 7 + cPanel)? Note: directly from the CLI, not using WHM. Many thanks again.
How I open a port on this server, CentOS 7 + cPanel:
- open the file /etc/csf/csf.conf
- add the port number to the list TCP_IN:
TCP_IN = "20,21,22,25,53,80, ..., YOU_PORT_NUMBER, 8443"
- add the port number to the list TCP_OUT:
TCP_OUT = "20,21,22, ..., YOU_PORT_NUMBER, 5432"
- restart CSF:
csf -ra
- question in the cPanel forums because:
What you did should be correct. It's possible that the port you are opening is not actually listening for anything. What is the output of
netstat -nlp|grep YOU_PORT_NUMBER
Although I would add that there should be no spaces after the commas as you have it in your post.
Thanks @GOT. "It's possible that the port you are opening is not actually listening for anything."
o_O If I open a port, it does not automatically "listen"?
[root@cocacola ~]# netstat -nlp | grep 5432
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 942/postmaster
unix 2 [ ACC ] STREAM LISTENING 18494 942/postmaster /tmp/.s.PGSQL.5432
unix 2 [ ACC ] STREAM LISTENING 18481 942/postmaster /var/run/postgresql/.s.PGSQL.5432
[root@cocacola ~]#
But at the end of /var/lib/pgsql/13/data/pg_hba.conf I put
# remote connections:
host all all * trust
and afterwards I run
systemctl restart postgresql-13;
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 942/postmaster
Your service is only listening on 127.0.0.1, so it's not set to listen on anything besides localhost, so you won't be able to connect to it externally. You would need to reconfigure it to listen on 0.0.0.0 if you wanted to make external connections to it.
Though I would add that having postgresql wide open to the entire internet is not advisable.
Thanks, master. When I put
host all all MY.IP.FROM.ISP trust
at the moment of restarting PgSQL:
[root@cocacola ~]# systemctl restart postgresql-13;
Job for postgresql-13.service failed because the control process exited with error code. See "systemctl status postgresql-13.service" and "journalctl -xe" for details.
[root@cocacola ~]#
... how can I configure EXTERNAL connections only for MY.IP?
Thanks @GOT @000 - as mentioned, you can open any port you want, but it won't show as active with a test like "telnet" if there is nothing listening on it. We can telnet to ports 80 and 25 normally because there are services listening on them. One example is the passive FTP port range, which is the range of ports from 49152 to 65534 by default. They are open in the firewall, but they are only used for an active session, so telnet won't show them as active even though they can be used as needed.
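Added example, not written by any poster in this thread: a small Python check for the two things the thread turns on, namely which address a `netstat -nlp` row shows the service bound to, and whether a pg_hba.conf `host` record has a well-formed address field and a method other than `trust`. The function names are hypothetical, the sample rows are constructed from the posts above, and 203.0.113.10 is a documentation address standing in for MY.IP.FROM.ISP.

```python
import ipaddress

KEYWORDS = {"all", "samehost", "samenet"}  # special pg_hba.conf address words

def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def listen_scope(netstat_row):
    """Classify the local address (4th column) of a 'netstat -nlp' TCP row."""
    host = netstat_row.split()[3].rsplit(":", 1)[0]
    if host in ("0.0.0.0", "::", "*"):
        return "all-interfaces"
    return "loopback-only" if ipaddress.ip_address(host).is_loopback else "single-address"

def lint_hba_line(line):
    """Return findings for one pg_hba.conf record; an empty list means none."""
    fields = line.split("#", 1)[0].split()
    if not fields or not fields[0].startswith("host"):
        return []                      # blank, comment or 'local' record
    if len(fields) < 5:
        return ["expected TYPE DATABASE USER ADDRESS METHOD"]
    addr, rest, findings = fields[3], fields[4:], []
    if addr in KEYWORDS:
        if addr == "all":
            findings.append("address 'all' matches every client")
    elif "/" in addr:
        try:
            ipaddress.ip_network(addr, strict=False)
        except ValueError:
            findings.append(f"{addr!r} is not a valid CIDR range")
    elif _is_ip(addr):
        if _is_ip(rest[0]):
            rest = rest[1:]            # ADDRESS NETMASK form, method follows
        else:
            findings.append(f"bare IP: {rest[0]!r} is read as the netmask; write {addr}/32")
    else:
        findings.append(f"{addr!r} is not an IP, CIDR or keyword; it is read as a host name")
    if rest[:1] == ["trust"]:
        findings.append("'trust' lets matching clients in without a password")
    return findings

if __name__ == "__main__":
    # Constructed samples based on the posts; 203.0.113.10 stands in for MY.IP.FROM.ISP.
    print(listen_scope("tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 942/postmaster"))
    for rec in ("host all all * trust", "host all all 203.0.113.10 trust",
                "host all all 203.0.113.10/32 scram-sha-256"):
        print(rec, "->", lint_hba_line(rec) or "ok")
```

A record that passes this check still needs the service bound to a reachable address and the port allowed in CSF for that one source IP, rather than opened to every address in TCP_IN.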