
cPHulk and Hardware Firewall Question

Comments

2 comments

  • cPanelMichael
    Hello,

    Generally that configuration should be okay without CSF, but note that CSF offers several features beyond just standard port restrictions so it's difficult to say for sure. This question is likely better discussed on the CSF support forums: General Discussion (csf) - ConfigServer Community Forum

    Thank you.
    0
  • 24x7server
    I have a cpanel server with a Juniper SRX 300 firewall. We block all ports other than web and email. FTP and cPanel access is whitelist only for client IPs. Since I have cphulk and a hardware firewall what extra benefit would CSF be if any? I tried CSF and it conflicts with our VPN since the Dynamic VPN feature changes IPs. Is cphulk and the hardware firewall secure? Do I lose or gain anything adding CSF since I have the hardware firewall?

    By default, when you install CSF, it does cause issues on a VPN server, so it is not advised to have it installed on a VPN server. However, since you are using a hardware firewall, I feel there is no need to use a software firewall; however, if you still want to give it a try, you can configure CSF and check if it works. Make sure the ports below are added in the CSF firewall.

    ---------------
    TCP_IN = "22,1194,33434:33523"
    TCP_OUT = "22,1194,33434:33523"
    UDP_IN = "1194"
    UDP_OUT = "1194"
    ---------------

    After doing so, also look for the file named csfpre.sh and add the below content to it:

    # vi /etc/csf/csfpre.sh
    ---------------
    # allow return traffic for forwarded connections
    iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    # forward traffic from the VPN subnet
    iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
    # reject all other forwarded traffic
    iptables -A FORWARD -j REJECT
    # NAT VPN client traffic leaving via eth0
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
    # source-NAT remaining outbound traffic to the server IP
    iptables -t nat -A POSTROUTING -j SNAT --to-source xx.xx.xx.xx
    ---------------

    Replace xx.xx.xx.xx with your actual server IP. Save, exit, and restart csf.

    # csf -r
    0
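
Added example, not part of the thread or of CSF itself: a small shell check that the port lists in a csf.conf cover the ports named in the reply above, including csf's `low:high` range syntax. The function names and the sample config are constructed for illustration; on a real server the file to pass is /etc/csf/csf.conf.

```shell
#!/bin/sh
# csf_list FILE KEY -> value of KEY = "..." (last occurrence), spaces removed
csf_list() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" \
        | tail -n 1 | tr -d ' '
}

# csf_port_allowed FILE KEY PORT -> exit 0 if PORT is listed or inside a range
csf_port_allowed() {
    list=$(csf_list "$1" "$2")
    old_ifs=$IFS; IFS=,
    for entry in $list; do
        case $entry in
            *:*) lo=${entry%%:*}; hi=${entry##*:}
                 if [ "$3" -ge "$lo" ] && [ "$3" -le "$hi" ]; then
                     IFS=$old_ifs; return 0
                 fi ;;
            *)   if [ "$entry" = "$3" ]; then IFS=$old_ifs; return 0; fi ;;
        esac
    done
    IFS=$old_ifs
    return 1
}

# csf_missing FILE -> prints KEY:PORT for each port from the reply not covered
csf_missing() {
    for want in TCP_IN:22 TCP_IN:1194 TCP_IN:33434 TCP_IN:33523 \
                TCP_OUT:22 TCP_OUT:1194 UDP_IN:1194 UDP_OUT:1194; do
        csf_port_allowed "$1" "${want%%:*}" "${want##*:}" || echo "$want"
    done
}

# Constructed sample config (not from the thread): TCP_OUT lacks the VPN port.
sample=$(mktemp)
printf '%s\n' 'TCP_IN = "20,21,22,80,443,1194,33434:33523"' \
              'TCP_OUT = "22,80,443"' \
              'UDP_IN = "53,1194"' \
              'UDP_OUT = "53,1194"' > "$sample"
csf_missing "$sample"
rm -f "$sample"
```

An empty result from `csf_missing` means every port from the reply is present in the corresponding list.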
