Newbie: setting up firewall

Post by rkok

Hi all,

On my VPS I use:
- WHM/cPanel v114.0.11
- CloudLinux v8.8.0
- Plug-in: ConfigServer Security & Firewall - csf v14.20

I am a beginner.

On my VPS I host several websites for others. Also, the VPS serves as a mail server.

Part 1:
I perform all management tasks for my VPS from 1 fixed IP address, for example xxx.xxx.xxx.xxx.xxx. This IP address should never be blocked and all ports should always be accessible.

Part 2:
For security reasons I want to make only the necessary ports accessible when they are accessed from all other IP addresses.

I think the following ports should be accessible;
- websites: port 80 and port 443 (http and https)
- mail incoming: 143 and 993 (SSL)
- mail outgoing: (IMAP only), 465 (SSL), 587 (TLS) (not port 25 for security reasons)

--------------------------------------------------------

Possible solution Part 1?:
To achieve that I can always access the VPS from my fixed IP address, which is never blocked, I would have to do the following:

Either
- add the IP address to the csf.allow file
- add the IP address to the file csf.ignore

Or
- add the IP address to the file csf.allow
- and enable the IGNORE_ALLOW option in csf.conf

Or
- add the following line in csf.conf under 'Allow incoming TCP ports':
tcp:in:d=1_65535:s=xxx.xxx.xxx.xxx.xxx

Which is the best way?

Possible solution Part 2?:
To block all ports for all other IP addresses except ports:
80,443,143,993,465 and 587

- add the following line:
tcp:in:d=1_79,81_142,144_442,444_464,466_992,993_65535

a) Is this correct?
b) Where should I place this line?
c) Should any other ports be open?
d) Should I use the same rule for udp?

Thank you in advance,
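
An added check, not part of the original post and not csf's own code: it parses the port list from the Part 2 rule, treating `a_b` as an inclusive range as the post's notation does, and reports which of the ports listed as needed fall inside the listed ranges. The function names are illustrative, and `complement` goes one step further by generating the range list that excludes exactly the wanted ports.

```python
"""Audit a csf-style port range list against the ports that must stay open."""
MAX_PORT = 65535
# Values taken from the post: the Part 2 rule and the ports listed as needed.
POSTED = "tcp:in:d=1_79,81_142,144_442,444_464,466_992,993_65535"
KEEP_OPEN = {80, 443, 143, 993, 465, 587}


def parse_ranges(spec):
    """Parse 'tcp:in:d=1_79,81_142' (or a bare '1_79,81_142') into (lo, hi) pairs."""
    ports = spec.split("d=", 1)[-1].split(":", 1)[0]  # drop prefix and any ':s=...'
    ranges = []
    for item in ports.split(","):
        lo, _, hi = item.strip().partition("_")
        lo, hi = int(lo), int(hi or lo)  # a single port is a range of one
        if not 1 <= lo <= hi <= MAX_PORT:
            raise ValueError(f"bad port range: {item!r}")
        ranges.append((lo, hi))
    return ranges


def audit(spec, keep_open):
    """Return (wanted ports the ranges cover, unwanted ports the ranges miss)."""
    ranges = parse_ranges(spec)

    def covered(port):
        return any(lo <= port <= hi for lo, hi in ranges)

    wrongly_covered = sorted(p for p in keep_open if covered(p))
    missed = [p for p in range(1, MAX_PORT + 1)
              if p not in keep_open and not covered(p)]
    return wrongly_covered, missed


def complement(keep_open):
    """Build the range list covering every port except those in keep_open."""
    parts, start = [], 1
    for port in sorted(set(keep_open)) + [MAX_PORT + 1]:
        if start <= port - 1:
            parts.append(f"{start}_{port - 1}" if start < port - 1 else str(start))
        start = port + 1
    return ",".join(parts)


if __name__ == "__main__":
    wrongly_covered, missed = audit(POSTED, KEEP_OPEN)
    print("wanted ports inside the listed ranges:", wrongly_covered)
    print("other ports outside the listed ranges:", missed)
    print("ranges excluding only the wanted ports:", complement(KEEP_OPEN))
```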