Need use pop 3 fetching via 995 port

[peopleinside]

Hi,
when i put active CSF I'm unable to use port 995 for POP3 Fetching

What i have to edit in the CSF for make work it?

Thanks

[nuffsaid]

Edit the following file with your fouvourable editor ,

/etc/csf/csf.conf

Then add your port in the configuration like below on the needed line

Code: Select all

# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,26"
# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873"

[peopleinside]

Thanks,
my default config. in Webuzo is:

Code: Select all

###############################################################################
# SECTION:IPv4 Port Settings
###############################################################################
# Lists of ports in the following comma separated lists can be added using a
# colon (e.g. 30000:35000).

# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2002,2003,2004,2005,8080"

# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443,2002,2003,2004,2005,8080"

# Allow incoming UDP ports
UDP_IN = "20,21,53"

# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list 
UDP_OUT = "20,21,53,113,123"

# Allow incoming PING
ICMP_IN = "1"

# Set the per IP address incoming ICMP packet rate
# To disable rate limiting set to "0"
ICMP_IN_RATE = "1/s"

# Allow outgoing PING
ICMP_OUT = "1"

# Set the per IP address outgoing ICMP packet rate (hits per second allowed),
# e.g. "1/s"
# To disable rate limiting set to "0"
ICMP_OUT_RATE = "0"

###############################################################################
# SECTION:IPv6 Port Settings
###############################################################################
# IPv6: (Requires ip6tables)
#
# Pre v2.6.20 kernels do not perform stateful connection tracking, so a static
# firewall is configured as a fallback instead if IPV6_SPI is set to 0 below
#
# Supported:
# Temporary ACCEPT/DENY, GLOBAL_DENY, GLOBAL_ALLOW, SMTP_BLOCK, LF_PERMBLOCK,
# PACKET_FILTER, WATCH_MODE, Advanced Allow/Deny Filters, RELAY_*, CLUSTER_*
#
# Not supported:
# DYNDNS, CC_DENY, CC_ALLOW, CC_ALLOW_FILTER, SYNFLOOD, PORTFLOOD, DYNDNS,
# ICMP_IN, ICMP_OUT, LF_NETBLOCK, MESSENGER, CC_IGNORE, CONNLIMIT,
# CC_ALLOW_PORTS, CC_DENY_PORTS
#
# Partially supported:
# CC_LOOKUPS - reverse DNS only and requires the perl module Socket6 from cpan
#
# MESSENGER service - not supported: no REDIRECT support in ip6tables as yet
#
IPV6 = "1"

# IPv6 uses icmpv6 packets very heavily. By default, csf will allow all icmpv6
# traffic in the INPUT and OUTPUT chains. However, this could increase the risk
# of icmpv6 attacks. To restrict incoming icmpv6, set to "1" but may break some
# connection types
IPV6_ICMP_STRICT = "0"

# Pre v2.6.20 kernel must set this option to "0" as no working state module is
# present, so a static firewall is configured as a fallback
#
# A workaround has been added for CentOS/RedHat v5 and custom kernels that do
# not support IPv6 connection tracking by opening ephemeral port range
# 32768:61000. This is only applied if IPV6_SPI is not enabled. This is the
# same workaround implemented by RedHat in the sample default IPv6 rules
#
# Because connection tracking does not work on such kernels, applications that
# rely on it (e.g. apache, passive ftp, etc) will not function unless you open
# all outgoing ports. To do this set the following:
#
# TCP6_OUT = "0:65535"
# UDP6_OUT = "0:65535"
#
# If you allow incoming ipv6 DNS lookups you will need to use the following
# directive in the options{} section of your named.conf:
#
#        query-source-v6 port 53;
#
# This will force ipv6 incoming DNS traffic only through port 53
#
# These changes are not necessary if the SPI firewall is used
IPV6_SPI = "1"

# Allow incoming IPv6 TCP ports
TCP6_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"

# Allow outgoing TCP ports
TCP6_OUT = "20,21,22,25,53,80,110,113,443"

# Allow incoming UDP ports
UDP6_IN = "20,21,53"

# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list 
UDP6_OUT = "20,21,53,113,123"

So i need to replace the port or just add

[peopleinside]

Ok just added 995 to outgoing and after removed and reinstall now seems to work.
Thanks.. if i see will work in this day i have solved.. if not i will write new post. thanks again!

[nuffsaid]

Good Job .. Keep it up ..

[peopleinside]

Thanks for helping me.
Without your reply.. without your answer I'd still be with CSF uninstalled..
Thanks.