Set iptables for firewall access/non-access?
CentOS 6.7 VPS cPanel
WHM 56.0 (build 16) cPanel VPS
What ways exist to set iptables for firewall access/non-access?
Only SSH...? Can /etc/sysconfig/iptables be edited with a text editor?
Can it be done from cPanel, and if yes, how?
-
Hello :),
Yes, you can do this with Host Access Control through WHM >> Security Center >> Host Access Control
Host Access Control - Documentation - cPanel Documentation
-
If I want to allow LOCALHOST, HTTPD(S), DNS domain queries tcp/udp, FTP, ICMP, STATE, SSH, NTP // INPUT/OUTPUT FOR ALL IPs, what do I have to enter?
THE EQUIVALENT IS THE SHELL SCRIPT CODE BELOW ... isn't it?
Does SSH need input & output, or only input? Do I need to enter anything, or are these defaults...?
Also, are these OK for a web server only...?
Is there any case of being locked out (cannot access) of both cPanel and SSH because of a bad iptables configuration here, at WHM >> Security Center >> Host Access Control?

# STEP 1
iptables --flush
iptables -P INPUT ACCEPT && iptables -P FORWARD ACCEPT && iptables -P OUTPUT ACCEPT
service iptables save
cat /etc/sysconfig/iptables
service iptables restart

# STEP 2
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -p icmp --icmp-type any -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 110 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 20:21 -j ACCEPT
iptables -A INPUT -p tcp --dport 20:21 -j ACCEPT
iptables -A OUTPUT -p udp --dport 123 -j ACCEPT
iptables -P INPUT DROP && iptables -P FORWARD DROP && iptables -P OUTPUT DROP
service iptables save
service iptables restart
-
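Added example (not part of the thread, and not cPanel's or the poster's code): a small Python check for the lockout question asked above. It reads rule text shaped like the STEP 2 script and lists services accepted on INPUT whose replies would fall to an OUTPUT DROP policy. The function names and the sample rule subset are constructed for illustration, and the parser assumes every option takes exactly one value.

```python
import shlex

# Constructed sample: a subset of the STEP 2 rules quoted in the post above.
RULES = """\
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -P INPUT DROP && iptables -P FORWARD DROP && iptables -P OUTPUT DROP
"""

def parse(text):
    """Return (policies, rules) from 'iptables -P' and 'iptables -A' commands."""
    policies, rules = {}, []
    for line in text.splitlines():
        for cmd in line.split("&&"):
            tok = shlex.split(cmd, comments=True)
            if len(tok) < 4 or tok[0] != "iptables":
                continue
            if tok[1] == "-P":
                policies[tok[2]] = tok[3]          # the last -P for a chain wins
            elif tok[1] == "-A":
                # Assumption: every option takes exactly one value, no "!" negation.
                rules.append((tok[2], dict(zip(tok[3::2], tok[4::2]))))
    return policies, rules

def unanswered_services(text):
    """List (proto, port) accepted on INPUT whose replies OUTPUT would drop."""
    policies, rules = parse(text)
    if policies.get("OUTPUT", "ACCEPT") != "DROP":
        return []
    out = [o for chain, o in rules if chain == "OUTPUT" and o.get("-j") == "ACCEPT"]
    # An unrestricted stateful OUTPUT rule lets replies of accepted connections out.
    if any("ESTABLISHED" in o.get("--state", "") and set(o) <= {"-m", "--state", "-j"}
           for o in out):
        return []
    missing = []
    for chain, o in rules:
        if chain == "INPUT" and o.get("-j") == "ACCEPT" and "--dport" in o:
            proto, port = o.get("-p"), o["--dport"]
            # Replies leave with the service port as *source* port, not destination.
            if not any(r.get("-p") == proto and r.get("--sport") == port for r in out):
                missing.append((proto, port))
    return missing

if __name__ == "__main__":
    for proto, port in unanswered_services(RULES):
        print(f"{proto}/{port}: accepted on INPUT, but replies hit the OUTPUT DROP policy")
```

On the sample, the check flags udp/53, tcp/22 and tcp/80: `OUTPUT --dport 80` only covers connections the server itself opens, so it does not cover replies sent from port 80. Appending `iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT` before the policy line clears the list.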
What to insert below... and how to deny all others...?

# Home >> Security Center >> Host Access Control || CENTOS 6.7 x86_64 WHM 56.0 (build 18)

Daemon      Access List   Action   Comment
localhost   ALL           allow
ICMP
STATE
DNS
SSHD
STMP
POP
HTTPD
HTTPSD
FTPD
-
Hello,
I suggest using a third-party firewall management utility such as CSF:
ConfigServer Security & Firewall
Thank you.
-
Is this something to install on the server? Is it CLI? Or is it a web-based GUI? Must I give my server password?