Skip to main content

iptables permanet

jlucho

hi guys

I have a cpanel 116.0.14 + Almalinux8 + CSF

I'm trying to open a port using IPtables and make that change permanent

I execute this command: iptables -I INPUT -p tcp --dport 49152:65534 -j ACCEPT

runs successfully and the port opens.

However, when I restart CSF, everything goes back to the beginning

How do I make this change in iptables permanent?

 

 

 

Comments

3 comments

Date Votes
  • cPRex Jurassic Moderator

    Hey there!  You'll need to pick one or the other - you'll want to make all your changes to CSF directly and not use any manual IPTtables commands or the two won't interact properly.

    0
  • jlucho

    I am using Filezilla, for some strange reason, it does not want to connect to port21, only if I add the range 49152:65534, it allows a successful connection.

    Do you know what could be happening?

    Via CSF I have added the range 49152:65534, but I feel like I am making the server insecure by allowing too many ports

    0
  • cPRex Jurassic Moderator

    That's the passive port range as outlined here:

    https://docs.cpanel.net/knowledge-base/ftp/how-to-enable-ftp-passive-mode/

    There's nothing wrong or insecure about having those ports opened as nothing is actively listening on them until you make an FTP connection.

    We do recommend using something other than Filezilla as they have experienced some known security issues.

    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post